Skip to content
Cloudflare API
Start here
API Reference
Security Center
Insights
Audit Logs

Retrieves Issue Audit Log

client.securityCenter.insights.auditLogs.listByInsight(stringissueId, AuditLogListByInsightParams { account_id, zone_id, before, 6 more } params?, RequestOptionsoptions?): CursorPagination<AuditLogListByInsightResponse { id, changed_at, changed_by, 6 more } >
GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/audit-log

Lists audit log entries for a specific Security Center insight, showing changes to its status and classification over time.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
issueId: string
params: AuditLogListByInsightParams { account_id, zone_id, before, 6 more }
account_id?: string

Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: string

Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

before?: string

Query param: Filter entries changed before this timestamp (RFC 3339).

formatdate-time
changed_by?: string

Query param: Filter by the actor that made the change.

cursor?: string

Query param: Opaque cursor for pagination. Use the cursor value from result_info of the previous response.

field_changed?: "status" | "user_classification"

Query param: Filter by the field that was changed.

One of the following:
"status"
"user_classification"
order?: "asc" | "desc"

Query param: Sort order for results. Use ‘asc’ for oldest first or ‘desc’ for newest first.

One of the following:
"asc"
"desc"
per_page?: number

Query param: Number of results per page.

maximum1000
minimum1
since?: string

Query param: Filter entries changed at or after this timestamp (RFC 3339).

formatdate-time
ReturnsExpand Collapse
AuditLogListByInsightResponse { id, changed_at, changed_by, 6 more }
id?: string

UUIDv7 identifier for the audit log entry, time-ordered.

formatuuid
changed_at?: string

The timestamp when the change occurred.

formatdate-time
changed_by?: string

The actor that made the change. ‘system’ for automated changes, or a user identifier.

current_value?: string | null

The value of the field after the change. Null if the field was cleared.

field_changed?: "status" | "user_classification"

The field that was changed.

One of the following:
"status"
"user_classification"
issue_id?: string

The ID of the insight this audit log entry relates to.

previous_value?: string | null

The value of the field before the change. Null if the field was not previously set.

rationale?: string | null

Optional rationale provided for the change.

zone_id?: number

The zone ID associated with the insight. Only present for zone-level insights.

formatint64

Retrieves Issue Audit Log

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const auditLogListByInsightResponse of client.securityCenter.insights.auditLogs.listByInsight(
  'issue_id',
  { account_id: 'account_id' },
)) {
  console.log(auditLogListByInsightResponse.id);
}
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "changed_at": "2019-12-27T18:11:19.117Z",
      "changed_by": "system",
      "current_value": "current_value",
      "field_changed": "status",
      "issue_id": "issue_id",
      "previous_value": "previous_value",
      "rationale": "rationale",
      "zone_id": 0
    }
  ],
  "result_info": {
    "count": 25,
    "cursor": "cursor",
    "per_page": 25
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "changed_at": "2019-12-27T18:11:19.117Z",
      "changed_by": "system",
      "current_value": "current_value",
      "field_changed": "status",
      "issue_id": "issue_id",
      "previous_value": "previous_value",
      "rationale": "rationale",
      "zone_id": 0
    }
  ],
  "result_info": {
    "count": 25,
    "cursor": "cursor",
    "per_page": 25
  }
}