# Logs # Audit ## Get account audit logs (Version 2) `client.accounts.logs.audit.list(AuditListParamsparams, RequestOptionsoptions?): CursorPaginationAfter` **get** `/accounts/{account_id}/logs/audit` Gets a list of audit logs for an account. ### Parameters - `params: AuditListParams` - `account_id: string` Path param: The unique id that identifies the account. - `before: string` Query param: Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `since: string` Query param: Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `id?: ID` Query param - `not?: Array` Filters out audit logs by their IDs. - `account_name?: AccountName` Query param - `not?: Array` Filters out audit logs by the account name. - `action_result?: ActionResult` Query param - `not?: Array<"success" | "failure">` Filters out audit logs by whether the action was successful or not. - `"success"` - `"failure"` - `action_type?: ActionType` Query param - `not?: Array<"create" | "delete" | "view" | "update">` Filters out audit logs by the action type. - `"create"` - `"delete"` - `"view"` - `"update"` - `actor_context?: ActorContext` Query param - `not?: Array<"api_key" | "api_token" | "dash" | 2 more>` Filters out audit logs by the actor context. - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `actor_email?: ActorEmail` Query param - `not?: Array` Filters out audit logs by the actor's email address. - `actor_id?: ActorID` Query param - `not?: Array` Filters out audit logs by the actor ID. This can be either the Account ID or User ID. - `actor_ip_address?: ActorIPAddress` Query param - `not?: Array` Filters out audit logs IP address where the action was initiated. - `actor_token_id?: ActorTokenID` Query param - `not?: Array` Filters out audit logs by the API token ID when the actor context is an api_token or oauth. - `actor_token_name?: ActorTokenName` Query param - `not?: Array` Filters out audit logs by the API token name when the actor context is an api_token or oauth. - `actor_type?: ActorType` Query param - `not?: Array<"account" | "cloudflare_admin" | "system" | "user">` Filters out audit logs by the actor type. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `audit_log_id?: AuditLogID` Query param - `not?: Array` Filters out audit logs by their IDs. - `cursor?: string` Query param: The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response. - `direction?: "desc" | "asc"` Query param: Sets sorting order. - `"desc"` - `"asc"` - `limit?: number` Query param: The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit. - `raw_cf_ray_id?: RawCfRayID` Query param - `not?: Array` Filters out audit logs by the response CF Ray ID. - `raw_method?: RawMethod` Query param - `not?: Array` Filters out audit logs by the HTTP method for the API call. - `raw_status_code?: RawStatusCode` Query param - `not?: Array` Filters out audit logs by the response status code that was returned. - `raw_uri?: RawURI` Query param - `not?: Array` Filters out audit logs by the request URI. - `resource_id?: ResourceID` Query param - `not?: Array` Filters out audit logs by the resource ID. - `resource_product?: ResourceProduct` Query param - `not?: Array` Filters out audit logs by the Cloudflare product associated with the changed resource. - `resource_scope?: ResourceScope` Query param - `not?: Array<"accounts" | "user" | "zones" | "memberships">` Filters out audit logs by the resource scope, specifying whether the resource is associated with an user, an account, a zone, or a membership. - `"accounts"` - `"user"` - `"zones"` - `"memberships"` - `resource_type?: ResourceType` Query param - `not?: Array` Filters out audit logs based on the unique type of resource changed by the action. - `zone_id?: ZoneID` Query param - `not?: Array` Filters out audit logs by the zone ID. - `zone_name?: ZoneName` Query param - `not?: Array` Filters out audit logs by the zone name associated with the change. ### Returns - `AuditListResponse` - `id?: string` A unique identifier for the audit log entry. - `account?: Account` Contains account related information. - `id?: string` A unique identifier for the account. - `name?: string` A string that identifies the account name. - `action?: Action` Provides information about the action performed. - `description?: string` A short description of the action performed. - `result?: string` The result of the action, indicating success or failure. - `time?: string` A timestamp indicating when the action was logged. - `type?: string` A short string that describes the action that was performed. - `actor?: Actor` Provides details about the actor who performed the action. - `id?: string` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context?: "api_key" | "api_token" | "dash" | 2 more` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email?: string` The email of the actor who performed the action. - `ip_address?: string` The IP address of the request that performed the action. - `token_id?: string` The API token ID when the actor context is an api_token or oauth. - `token_name?: string` The API token name when the actor context is an api_token or oauth. - `type?: "account" | "cloudflare_admin" | "system" | "user"` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw?: Raw` Provides raw information about the request and response. - `cf_ray_id?: string` The Cloudflare Ray ID for the request. - `method?: string` The HTTP method of the request. - `status_code?: number` The HTTP response status code returned by the API. - `uri?: string` The URI of the request. - `user_agent?: string` The client's user agent string sent with the request. - `resource?: Resource` Provides details about the affected resource. - `id?: string` The unique identifier for the affected resource. - `product?: string` The Cloudflare product associated with the resource. - `request?: unknown` - `response?: unknown` - `scope?: unknown` The scope of the resource. - `type?: string` The type of the resource. - `zone?: Zone` Provides details about the zone affected by the action. - `id?: string` A string that identifies the zone id. - `name?: string` A string that identifies the zone name. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const auditListResponse of client.accounts.logs.audit.list({ account_id: 'a67e14daa5f8dceeb91fe5449ba496ef', before: '2024-10-31', since: '2024-10-30', })) { console.log(auditListResponse.id); } ``` #### Response ```json { "errors": [ { "message": "message" } ], "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "account": { "id": "4bb334f7c94c4a29a045f03944f072e5", "name": "Example Account" }, "action": { "description": "Add Member", "result": "success", "time": "2024-04-26T17:31:07Z", "type": "create" }, "actor": { "id": "f6b5de0326bb5182b8a4840ee01ec774", "context": "dash", "email": "alice@example.com", "ip_address": "198.41.129.166", "token_id": "token_id", "token_name": "token_name", "type": "user" }, "raw": { "cf_ray_id": "8e9b1c60ef9e1c9a", "method": "POST", "status_code": 200, "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15" }, "resource": { "id": "id", "product": "members", "request": {}, "response": {}, "scope": {}, "type": "type" }, "zone": { "id": "id", "name": "example.com" } } ], "result_info": { "count": "1", "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE=" }, "success": true } ``` ## Domain Types ### Audit List Response - `AuditListResponse` - `id?: string` A unique identifier for the audit log entry. - `account?: Account` Contains account related information. - `id?: string` A unique identifier for the account. - `name?: string` A string that identifies the account name. - `action?: Action` Provides information about the action performed. - `description?: string` A short description of the action performed. - `result?: string` The result of the action, indicating success or failure. - `time?: string` A timestamp indicating when the action was logged. - `type?: string` A short string that describes the action that was performed. - `actor?: Actor` Provides details about the actor who performed the action. - `id?: string` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context?: "api_key" | "api_token" | "dash" | 2 more` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email?: string` The email of the actor who performed the action. - `ip_address?: string` The IP address of the request that performed the action. - `token_id?: string` The API token ID when the actor context is an api_token or oauth. - `token_name?: string` The API token name when the actor context is an api_token or oauth. - `type?: "account" | "cloudflare_admin" | "system" | "user"` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw?: Raw` Provides raw information about the request and response. - `cf_ray_id?: string` The Cloudflare Ray ID for the request. - `method?: string` The HTTP method of the request. - `status_code?: number` The HTTP response status code returned by the API. - `uri?: string` The URI of the request. - `user_agent?: string` The client's user agent string sent with the request. - `resource?: Resource` Provides details about the affected resource. - `id?: string` The unique identifier for the affected resource. - `product?: string` The Cloudflare product associated with the resource. - `request?: unknown` - `response?: unknown` - `scope?: unknown` The scope of the resource. - `type?: string` The type of the resource. - `zone?: Zone` Provides details about the zone affected by the action. - `id?: string` A string that identifies the zone id. - `name?: string` A string that identifies the zone name.