# Logs # Access Requests ## Get Access authentication logs `client.ZeroTrust.Access.Logs.AccessRequests.List(ctx, params) (*[]AccessRequest, error)` **get** `/accounts/{account_id}/access/logs/access_requests` Gets a list of Access authentication audit logs for an account. ### Parameters - `params AccessLogAccessRequestListParams` - `AccountID param.Field[string]` Path param: Identifier. - `AllowedOp param.Field[AccessLogAccessRequestListParamsAllowedOp]` Query param: Operator for the `allowed` filter. - `const AccessLogAccessRequestListParamsAllowedOpEq AccessLogAccessRequestListParamsAllowedOp = "eq"` - `const AccessLogAccessRequestListParamsAllowedOpNeq AccessLogAccessRequestListParamsAllowedOp = "neq"` - `AppTypeOp param.Field[AccessLogAccessRequestListParamsAppTypeOp]` Query param: Operator for the `app_type` filter. - `const AccessLogAccessRequestListParamsAppTypeOpEq AccessLogAccessRequestListParamsAppTypeOp = "eq"` - `const AccessLogAccessRequestListParamsAppTypeOpNeq AccessLogAccessRequestListParamsAppTypeOp = "neq"` - `AppUIDOp param.Field[AccessLogAccessRequestListParamsAppUIDOp]` Query param: Operator for the `app_uid` filter. - `const AccessLogAccessRequestListParamsAppUIDOpEq AccessLogAccessRequestListParamsAppUIDOp = "eq"` - `const AccessLogAccessRequestListParamsAppUIDOpNeq AccessLogAccessRequestListParamsAppUIDOp = "neq"` - `CountryCodeOp param.Field[AccessLogAccessRequestListParamsCountryCodeOp]` Query param: Operator for the `country_code` filter. - `const AccessLogAccessRequestListParamsCountryCodeOpEq AccessLogAccessRequestListParamsCountryCodeOp = "eq"` - `const AccessLogAccessRequestListParamsCountryCodeOpNeq AccessLogAccessRequestListParamsCountryCodeOp = "neq"` - `Direction param.Field[AccessLogAccessRequestListParamsDirection]` Query param: The chronological sorting order for the logs. - `const AccessLogAccessRequestListParamsDirectionDesc AccessLogAccessRequestListParamsDirection = "desc"` - `const AccessLogAccessRequestListParamsDirectionAsc AccessLogAccessRequestListParamsDirection = "asc"` - `Email param.Field[string]` Query param: Filter by user email. Defaults to substring matching. To force exact matching, set `email_exact=true`. Example (default): `email=@example.com` returns all events with that domain. Example (exact): `email=user@example.com&email_exact=true` returns only that user. - `EmailExact param.Field[bool]` Query param: When true, `email` is matched exactly instead of substring matching. - `EmailOp param.Field[AccessLogAccessRequestListParamsEmailOp]` Query param: Operator for the `email` filter. - `const AccessLogAccessRequestListParamsEmailOpEq AccessLogAccessRequestListParamsEmailOp = "eq"` - `const AccessLogAccessRequestListParamsEmailOpNeq AccessLogAccessRequestListParamsEmailOp = "neq"` - `Fields param.Field[string]` Query param: Comma-separated list of fields to include in the response. When omitted, all fields are returned. - `IdPOp param.Field[AccessLogAccessRequestListParamsIdPOp]` Query param: Operator for the `idp` filter. - `const AccessLogAccessRequestListParamsIdPOpEq AccessLogAccessRequestListParamsIdPOp = "eq"` - `const AccessLogAccessRequestListParamsIdPOpNeq AccessLogAccessRequestListParamsIdPOp = "neq"` - `Limit param.Field[int64]` Query param: The maximum number of log entries to retrieve. - `NonIdentityOp param.Field[AccessLogAccessRequestListParamsNonIdentityOp]` Query param: Operator for the `non_identity` filter. - `const AccessLogAccessRequestListParamsNonIdentityOpEq AccessLogAccessRequestListParamsNonIdentityOp = "eq"` - `const AccessLogAccessRequestListParamsNonIdentityOpNeq AccessLogAccessRequestListParamsNonIdentityOp = "neq"` - `Page param.Field[int64]` Query param: Page number of results. - `PerPage param.Field[int64]` Query param: Number of results per page. - `RayIDOp param.Field[AccessLogAccessRequestListParamsRayIDOp]` Query param: Operator for the `ray_id` filter. - `const AccessLogAccessRequestListParamsRayIDOpEq AccessLogAccessRequestListParamsRayIDOp = "eq"` - `const AccessLogAccessRequestListParamsRayIDOpNeq AccessLogAccessRequestListParamsRayIDOp = "neq"` - `Since param.Field[Time]` Query param: The earliest event timestamp to query. - `Until param.Field[Time]` Query param: The latest event timestamp to query. - `UserID param.Field[string]` Query param: Filter by user UUID. - `UserIDOp param.Field[AccessLogAccessRequestListParamsUserIDOp]` Query param: Operator for the `user_id` filter. - `const AccessLogAccessRequestListParamsUserIDOpEq AccessLogAccessRequestListParamsUserIDOp = "eq"` - `const AccessLogAccessRequestListParamsUserIDOpNeq AccessLogAccessRequestListParamsUserIDOp = "neq"` ### Returns - `type AccessLogAccessRequestListResponseEnvelopeResult []AccessRequest` - `Action string` The event that occurred, such as a login attempt. - `Allowed bool` The result of the authentication event. - `AppDomain string` The URL of the Access application. - `AppUID string` The unique identifier for the Access application. - `Connection string` The IdP used to authenticate. - `CreatedAt Time` - `IPAddress string` The IP address of the authenticating user. - `RayID string` The unique identifier for the request to Cloudflare. - `UserEmail string` The email address of the authenticating user. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) accessRequests, err := client.ZeroTrust.Access.Logs.AccessRequests.List(context.TODO(), zero_trust.AccessLogAccessRequestListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", accessRequests) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "action": "login", "allowed": true, "app_domain": "test.example.com/admin", "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630", "connection": "saml", "created_at": "2014-01-01T05:20:00.12345Z", "ip_address": "198.41.129.166", "ray_id": "187d944c61940c77", "user_email": "user@example.com" } ] } ``` # SCIM ## Domain Types ### Access Request - `type AccessRequest struct{…}` - `Action string` The event that occurred, such as a login attempt. - `Allowed bool` The result of the authentication event. - `AppDomain string` The URL of the Access application. - `AppUID string` The unique identifier for the Access application. - `Connection string` The IdP used to authenticate. - `CreatedAt Time` - `IPAddress string` The IP address of the authenticating user. - `RayID string` The unique identifier for the request to Cloudflare. - `UserEmail string` The email address of the authenticating user. # Updates ## List Access SCIM update logs `client.ZeroTrust.Access.Logs.SCIM.Updates.List(ctx, params) (*V4PagePaginationArray[AccessLogSCIMUpdateListResponse], error)` **get** `/accounts/{account_id}/access/logs/scim/updates` Lists Access SCIM update logs that maintain a record of updates made to User and Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM). ### Parameters - `params AccessLogSCIMUpdateListParams` - `AccountID param.Field[string]` Path param: Identifier. - `IdPID param.Field[[]string]` Query param: The unique Id of the IdP that has SCIM enabled. - `CfResourceID param.Field[string]` Query param: The unique Cloudflare-generated Id of the SCIM resource. - `Direction param.Field[AccessLogSCIMUpdateListParamsDirection]` Query param: The chronological order used to sort the logs. - `const AccessLogSCIMUpdateListParamsDirectionDesc AccessLogSCIMUpdateListParamsDirection = "desc"` - `const AccessLogSCIMUpdateListParamsDirectionAsc AccessLogSCIMUpdateListParamsDirection = "asc"` - `IdPResourceID param.Field[string]` Query param: The IdP-generated Id of the SCIM resource. - `Limit param.Field[int64]` Query param: The maximum number of update logs to retrieve. - `Page param.Field[int64]` Query param: Page number of results. - `PerPage param.Field[int64]` Query param: Number of results per page. - `RequestMethod param.Field[[]AccessLogSCIMUpdateListParamsRequestMethod]` Query param: The request method of the SCIM request. - `const AccessLogSCIMUpdateListParamsRequestMethodDelete AccessLogSCIMUpdateListParamsRequestMethod = "DELETE"` - `const AccessLogSCIMUpdateListParamsRequestMethodPatch AccessLogSCIMUpdateListParamsRequestMethod = "PATCH"` - `const AccessLogSCIMUpdateListParamsRequestMethodPost AccessLogSCIMUpdateListParamsRequestMethod = "POST"` - `const AccessLogSCIMUpdateListParamsRequestMethodPut AccessLogSCIMUpdateListParamsRequestMethod = "PUT"` - `ResourceGroupName param.Field[string]` Query param: The display name of the SCIM Group resource. - `ResourceType param.Field[[]AccessLogSCIMUpdateListParamsResourceType]` Query param: The resource type of the SCIM request. - `const AccessLogSCIMUpdateListParamsResourceTypeUser AccessLogSCIMUpdateListParamsResourceType = "USER"` - `const AccessLogSCIMUpdateListParamsResourceTypeGroup AccessLogSCIMUpdateListParamsResourceType = "GROUP"` - `ResourceUserEmail param.Field[string]` Query param: The email address of the SCIM User resource. - `Since param.Field[Time]` Query param: the timestamp of the earliest update log. - `Status param.Field[[]AccessLogSCIMUpdateListParamsStatus]` Query param: The status of the SCIM request. - `const AccessLogSCIMUpdateListParamsStatusFailure AccessLogSCIMUpdateListParamsStatus = "FAILURE"` - `const AccessLogSCIMUpdateListParamsStatusSuccess AccessLogSCIMUpdateListParamsStatus = "SUCCESS"` - `Until param.Field[Time]` Query param: the timestamp of the most-recent update log. ### Returns - `type AccessLogSCIMUpdateListResponse struct{…}` - `CfResourceID string` The unique Cloudflare-generated Id of the SCIM resource. - `ErrorDescription string` The error message which is generated when the status of the SCIM request is 'FAILURE'. - `IdPID string` The unique Id of the IdP that has SCIM enabled. - `IdPResourceID string` The IdP-generated Id of the SCIM resource. - `LoggedAt Time` - `RequestBody string` The JSON-encoded string body of the SCIM request. - `RequestMethod string` The request method of the SCIM request. - `ResourceGroupName string` The display name of the SCIM Group resource if it exists. - `ResourceType string` The resource type of the SCIM request. - `ResourceUserEmail string` The email address of the SCIM User resource if it exists. - `Status string` The status of the SCIM request. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.ZeroTrust.Access.Logs.SCIM.Updates.List(context.TODO(), zero_trust.AccessLogSCIMUpdateListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), IdPID: cloudflare.F([]string{"df7e2w5f-02b7-4d9d-af26-8d1988fca630", "0194ae2c-efcf-7cfb-8884-055f1a161fa5"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "cf_resource_id": "bd97ef8d-7986-43e3-9ee0-c25dda33e4b0", "error_description": "Invalid JSON body", "idp_id": "df7e2w5f-02b7-4d9d-af26-8d1988fca630", "idp_resource_id": "all_employees", "logged_at": "2014-01-01T05:20:00.12345Z", "request_body": "{}}", "request_method": "DELETE", "resource_group_name": "ALL_EMPLOYEES", "resource_type": "GROUP", "resource_user_email": "john.smith@example.com", "status": "FAILURE" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ```