Get organization audit logs (Version 2, Beta release)

client.organizations.logs.audit.list(, , ?): CursorPaginationAfter<AuditListResponse { id, action, actor, 3 more } >

GET/organizations/{organization_id}/logs/audit

Gets a list of audit logs for an organization.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

ParametersExpand Collapse

organizationId: string

The unique id that identifies the organization.

query: AuditListParams { before, since, id, 20 more }

before: string

Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339.

formatdate

since: string

Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339.

formatdate

id?: ID

not?: Array<string>

Filters out audit logs by their IDs.

action_result?: ActionResult

not?: Array<"success" | "failure">

Filters out audit logs by whether the action was successful or not.

One of the following:

"success"

"failure"

action_type?: ActionType

not?: Array<"create" | "delete" | "view" | "update">

Filters out audit logs by the action type.

One of the following:

"create"

"delete"

"view"

"update"

actor_context?: ActorContext

not?: Array<"api_key" | "api_token" | "dash" | 2 more>

Filters out audit logs by the actor context.

One of the following:

"api_key"

"api_token"

"dash"

"oauth"

"origin_ca_key"

actor_email?: ActorEmail

not?: Array<string>

Filters out audit logs by the actor’s email address.

actor_id?: ActorID

not?: Array<string>

Filters out audit logs by the actor’s user ID.

actor_ip_address?: ActorIPAddress

not?: Array<string>

Filters out audit logs IP address where the action was initiated.

actor_token_id?: ActorTokenID

not?: Array<string>

Filters out audit logs by the API token ID when the actor context is an api_token or oauth.

actor_token_name?: ActorTokenName

not?: Array<string>

Filters out audit logs by the API token name when the actor context is an api_token or oauth.

actor_type?: ActorType

not?: Array<"cloudflare_admin" | "system" | "user">

Filters out audit logs by the actor type.

One of the following:

"cloudflare_admin"

"system"

"user"

cursor?: string

The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response.

direction?: "desc" | "asc"

Sets sorting order.

One of the following:

"desc"

"asc"

limit?: number

The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit.

maximum1000

minimum1

raw_cf_ray_id?: RawCfRayID

not?: Array<string>

Filters out audit logs by the response CF Ray ID.

raw_method?: RawMethod

not?: Array<string>

Filters out audit logs by the HTTP method for the API call.

raw_status_code?: RawStatusCode

not?: Array<number>

Filters out audit logs by the response status code that was returned.

raw_uri?: RawURI

not?: Array<string>

Filters out audit logs by the request URI.

resource_id?: ResourceID

not?: Array<string>

Filters out audit logs by the resource ID.

resource_product?: ResourceProduct

not?: Array<string>

Filters out audit logs by the Cloudflare product associated with the changed resource.

resource_scope?: ResourceScope

not?: Array<"organizations">

Filters out audit logs by the resource scope, specifying whether the resource is associated with an organization.

resource_type?: ResourceType

not?: Array<string>

Filters out audit logs based on the unique type of resource changed by the action.

ReturnsExpand Collapse

AuditListResponse { id, action, actor, 3 more }

id?: string

A unique identifier for the audit log entry.

maxLength32

action?: Action { description, result, time, type }

Provides information about the action performed.

description?: string

A short description of the action performed.

result?: string

The result of the action, indicating success or failure.

time?: string

A timestamp indicating when the action was logged.

formatdate-time

type?: string

A short string that describes the action that was performed.

actor?: Actor { id, context, email, 4 more }

Provides details about the actor who performed the action.

id?: string

The ID of the actor who performed the action. If a user performed the action, this will be their User ID.

context?: "api_key" | "api_token" | "dash" | 2 more

One of the following:

"api_key"

"api_token"

"dash"

"oauth"

"origin_ca_key"

email?: string

The email of the actor who performed the action.

formatemail

ip_address?: string

The IP address of the request that performed the action.

token_id?: string

The API token ID when the actor context is an api_token or oauth.

token_name?: string

The API token name when the actor context is an api_token or oauth.

type?: "cloudflare_admin" | "system" | "user"

The type of actor.

One of the following:

"cloudflare_admin"

"system"

"user"

organization?: Organization { id }

Contains organization related information.

id?: string

A unique identifier for the organization.

raw?: Raw { cf_ray_id, method, status_code, 2 more }

Provides raw information about the request and response.

cf_ray_id?: string

The Cloudflare Ray ID for the request.

method?: string

The HTTP method of the request.

status_code?: number

The HTTP response status code returned by the API.

uri?: string

The URI of the request.

user_agent?: string

The client’s user agent string sent with the request.

resource?: Resource { id, product, request, 3 more }

Provides details about the affected resource.

id?: string

The unique identifier for the affected resource.

product?: string

The Cloudflare product associated with the resource.

request?: unknown

response?: unknown

scope?: unknown

The scope of the resource.

type?: string

The type of the resource.

Get organization audit logs (Version 2, Beta release)

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const auditListResponse of client.organizations.logs.audit.list(
  'a67e14daa5f8dceeb91fe5449ba496ef',
  { before: '2024-10-31', since: '2024-10-30' },
)) {
  console.log(auditListResponse.id);
}

{
  "errors": [
    {
      "message": "message"
    }
  ],
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "action": {
        "description": "Add Member",
        "result": "success",
        "time": "2024-04-26T17:31:07Z",
        "type": "create"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "context": "dash",
        "email": "alice@example.com",
        "ip_address": "198.41.129.166",
        "token_id": "token_id",
        "token_name": "token_name",
        "type": "user"
      },
      "organization": {
        "id": "019c4f65e7607d8c9f6f6b58aa3aff50"
      },
      "raw": {
        "cf_ray_id": "8e9b1c60ef9e1c9a",
        "method": "POST",
        "status_code": 200,
        "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15"
      },
      "resource": {
        "id": "id",
        "product": "organizations",
        "request": {},
        "response": {},
        "scope": {},
        "type": "type"
      }
    }
  ],
  "result_info": {
    "count": "1",
    "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE="
  },
  "success": true
}

Returns Examples

{
  "errors": [
    {
      "message": "message"
    }
  ],
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "action": {
        "description": "Add Member",
        "result": "success",
        "time": "2024-04-26T17:31:07Z",
        "type": "create"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "context": "dash",
        "email": "alice@example.com",
        "ip_address": "198.41.129.166",
        "token_id": "token_id",
        "token_name": "token_name",
        "type": "user"
      },
      "organization": {
        "id": "019c4f65e7607d8c9f6f6b58aa3aff50"
      },
      "raw": {
        "cf_ray_id": "8e9b1c60ef9e1c9a",
        "method": "POST",
        "status_code": 200,
        "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15"
      },
      "resource": {
        "id": "id",
        "product": "organizations",
        "request": {},
        "response": {},
        "scope": {},
        "type": "type"
      }
    }
  ],
  "result_info": {
    "count": "1",
    "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE="
  },
  "success": true
}