Get account audit logs (Version 2)

client.accounts.logs.audit.list(AuditListParams { account_id, before, since, 25 more } params, RequestOptions options?): CursorPaginationAfter<AuditListResponse { id, account, action, 4 more }>
GET /accounts/{account_id}/logs/audit

Gets a list of audit logs for an account.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Account Settings Write
Account Settings Read
Parameters
params: AuditListParams { account_id, before, since, 25 more }
account_id: string

Path param: The unique id that identifies the account.

before: string

Query param: Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339.

format: date
since: string

Query param: Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339.

format: date
id?: ID

Query param

not?: Array<string>

Filters out audit logs by their IDs.

account_name?: AccountName

Query param

not?: Array<string>

Filters out audit logs by the account name.

action_result?: ActionResult

Query param

not?: Array<"success" | "failure">

Filters out audit logs by whether the action was successful or not.

One of the following:
"success"
"failure"
action_type?: ActionType

Query param

not?: Array<"create" | "delete" | "view" | "update">

Filters out audit logs by the action type.

One of the following:
"create"
"delete"
"view"
"update"
actor_context?: ActorContext

Query param

not?: Array<"api_key" | "api_token" | "dash" | 2 more>

Filters out audit logs by the actor context.

One of the following:
"api_key"
"api_token"
"dash"
"oauth"
"origin_ca_key"
actor_email?: ActorEmail

Query param

not?: Array<string>

Filters out audit logs by the actor’s email address.

actor_id?: ActorID

Query param

not?: Array<string>

Filters out audit logs by the actor ID. This can be either the Account ID or User ID.

actor_ip_address?: ActorIPAddress

Query param

not?: Array<string>

Filters out audit logs by the IP address where the action was initiated.

actor_token_id?: ActorTokenID

Query param

not?: Array<string>

Filters out audit logs by the API token ID when the actor context is an api_token or oauth.

actor_token_name?: ActorTokenName

Query param

not?: Array<string>

Filters out audit logs by the API token name when the actor context is an api_token or oauth.

actor_type?: ActorType

Query param

not?: Array<"account" | "cloudflare_admin" | "system" | "user">

Filters out audit logs by the actor type.

One of the following:
"account"
"cloudflare_admin"
"system"
"user"
audit_log_id?: AuditLogID

Query param

Deprecated
not?: Array<string>

Filters out audit logs by their IDs.

cursor?: string

Query param: The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response.

direction?: "desc" | "asc"

Query param: Sets sorting order.

One of the following:
"desc"
"asc"
limit?: number

Query param: The maximum number of objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit.

maximum: 1000
minimum: 1
raw_cf_ray_id?: RawCfRayID

Query param

not?: Array<string>

Filters out audit logs by the response CF Ray ID.

raw_method?: RawMethod

Query param

not?: Array<string>

Filters out audit logs by the HTTP method for the API call.

raw_status_code?: RawStatusCode

Query param

not?: Array<number>

Filters out audit logs by the response status code that was returned.

raw_uri?: RawURI

Query param

not?: Array<string>

Filters out audit logs by the request URI.

resource_id?: ResourceID

Query param

not?: Array<string>

Filters out audit logs by the resource ID.

resource_product?: ResourceProduct

Query param

not?: Array<string>

Filters out audit logs by the Cloudflare product associated with the changed resource.

resource_scope?: ResourceScope

Query param

not?: Array<"accounts" | "user" | "zones" | "memberships">

Filters out audit logs by the resource scope, specifying whether the resource is associated with a user, an account, a zone, or a membership.

One of the following:
"accounts"
"user"
"zones"
"memberships"
resource_type?: ResourceType

Query param

not?: Array<string>

Filters out audit logs based on the unique type of resource changed by the action.

zone_id?: ZoneID

Query param

not?: Array<string>

Filters out audit logs by the zone ID.

zone_name?: ZoneName

Query param

not?: Array<string>

Filters out audit logs by the zone name associated with the change.

Returns
AuditListResponse { id, account, action, 4 more }
id?: string

A unique identifier for the audit log entry.

maxLength: 32
account?: Account { id, name }

Contains account related information.

id?: string

A unique identifier for the account.

name?: string

A string that identifies the account name.

action?: Action { description, result, time, type }

Provides information about the action performed.

description?: string

A short description of the action performed.

result?: string

The result of the action, indicating success or failure.

time?: string

A timestamp indicating when the action was logged.

format: date-time
type?: string

A short string that describes the action that was performed.

actor?: Actor { id, context, email, 4 more }

Provides details about the actor who performed the action.

id?: string

The ID of the actor who performed the action. If a user performed the action, this will be their User ID.

context?: "api_key" | "api_token" | "dash" | 2 more
One of the following:
"api_key"
"api_token"
"dash"
"oauth"
"origin_ca_key"
email?: string

The email of the actor who performed the action.

format: email
ip_address?: string

The IP address of the request that performed the action.

token_id?: string

The API token ID when the actor context is an api_token or oauth.

token_name?: string

The API token name when the actor context is an api_token or oauth.

type?: "account" | "cloudflare_admin" | "system" | "user"

The type of actor.

One of the following:
"account"
"cloudflare_admin"
"system"
"user"
raw?: Raw { cf_ray_id, method, status_code, 2 more }

Provides raw information about the request and response.

cf_ray_id?: string

The Cloudflare Ray ID for the request.

method?: string

The HTTP method of the request.

status_code?: number

The HTTP response status code returned by the API.

uri?: string

The URI of the request.

user_agent?: string

The client’s user agent string sent with the request.

resource?: Resource { id, product, request, 3 more }

Provides details about the affected resource.

id?: string

The unique identifier for the affected resource.

product?: string

The Cloudflare product associated with the resource.

request?: unknown
response?: unknown
scope?: unknown

The scope of the resource.

type?: string

The type of the resource.

zone?: Zone { id, name }

Provides details about the zone affected by the action.

id?: string

A string that identifies the zone id.

name?: string

A string that identifies the zone name.

Get account audit logs (Version 2)

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const auditListResponse of client.accounts.logs.audit.list({
  account_id: 'a67e14daa5f8dceeb91fe5449ba496ef',
  before: '2024-10-31',
  since: '2024-10-30',
})) {
  console.log(auditListResponse.id);
}
Returns Examples
{
  "errors": [
    {
      "message": "message"
    }
  ],
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "account": {
        "id": "4bb334f7c94c4a29a045f03944f072e5",
        "name": "Example Account"
      },
      "action": {
        "description": "Add Member",
        "result": "success",
        "time": "2024-04-26T17:31:07Z",
        "type": "create"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "context": "dash",
        "email": "alice@example.com",
        "ip_address": "198.41.129.166",
        "token_id": "token_id",
        "token_name": "token_name",
        "type": "user"
      },
      "raw": {
        "cf_ray_id": "8e9b1c60ef9e1c9a",
        "method": "POST",
        "status_code": 200,
        "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15"
      },
      "resource": {
        "id": "id",
        "product": "members",
        "request": {},
        "response": {},
        "scope": {},
        "type": "type"
      },
      "zone": {
        "id": "id",
        "name": "example.com"
      }
    }
  ],
  "result_info": {
    "count": "1",
    "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE="
  },
  "success": true
}
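
Added example (not from the Cloudflare documentation or SDK): a review pass over records shaped like the AuditListResponse above, using only documented fields. The rule names, the `triage` function, the failure threshold and the sample records are assumptions made for illustration.

```typescript
interface AuditEntry {
  id?: string;
  action?: { result?: string; type?: string };
  actor?: { context?: string; email?: string; ip_address?: string; token_name?: string };
  raw?: { method?: string; uri?: string };
  resource?: { product?: string };
}
interface Finding { rule: string; ids: string[]; detail: string }

// Hypothetical review rules; every field is optional in the schema, so each access is guarded.
function triage(entries: AuditEntry[], failureThreshold = 3): Finding[] {
  const findings: Finding[] = [];
  const failuresByIp: Record<string, string[]> = {};
  for (const e of entries) {
    const id = e.id ?? '(no id)';
    const who = e.actor?.email ?? e.actor?.token_name ?? 'unknown actor';
    const ip = e.actor?.ip_address;
    // Global API key use: the page calls this the previous authorization scheme.
    if (e.actor?.context === 'api_key') {
      findings.push({ rule: 'legacy-api-key', ids: [id], detail: `${who} ${e.raw?.method ?? '?'} ${e.raw?.uri ?? '?'}` });
    }
    // A successful member creation changes who can reach the account.
    if (e.resource?.product === 'members' && e.action?.type === 'create' && e.action?.result === 'success') {
      findings.push({ rule: 'member-added', ids: [id], detail: `${who} from ${ip ?? '?'}` });
    }
    if (e.action?.result === 'failure' && ip) {
      (failuresByIp[ip] = failuresByIp[ip] ?? []).push(id);
    }
  }
  for (const ip of Object.keys(failuresByIp)) {
    const ids = failuresByIp[ip] ?? [];
    if (ids.length >= failureThreshold) {
      findings.push({ rule: 'repeated-failures', ids, detail: `${ids.length} failed actions from ${ip}` });
    }
  }
  return findings;
}

// Constructed sample records (not real log data), shaped like the response example above.
const SAMPLE: AuditEntry[] = [
  { id: 'a1', action: { result: 'success', type: 'create' }, actor: { context: 'dash', email: 'alice@example.com', ip_address: '198.41.129.166' }, resource: { product: 'members' } },
  { id: 'a2', action: { result: 'success', type: 'update' }, actor: { context: 'api_key', email: 'bob@example.com', ip_address: '192.0.2.10' }, raw: { method: 'PATCH', uri: '/zones/ZONE_ID/settings' } },
  { id: 'a3', action: { result: 'failure', type: 'delete' }, actor: { context: 'api_token', token_name: 'ci-deploy', ip_address: '203.0.113.7' } },
  { id: 'a4', action: { result: 'failure', type: 'delete' }, actor: { context: 'api_token', token_name: 'ci-deploy', ip_address: '203.0.113.7' } },
  { id: 'a5', action: { result: 'failure', type: 'update' }, actor: { context: 'api_token', token_name: 'ci-deploy', ip_address: '203.0.113.7' } },
  { id: 'a6', action: { result: 'failure', type: 'view' }, actor: { context: 'dash', ip_address: '192.0.2.44' } },
];
console.log(triage(SAMPLE));
```

In practice the entries would come from iterating `client.accounts.logs.audit.list(...)` over a bounded `since`/`before` window instead of the constructed array.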