# Logs # Access Requests ## Get Access authentication logs `client.zeroTrust.access.logs.accessRequests.list(AccessRequestListParamsparams, RequestOptionsoptions?): AccessRequestListResponse` **get** `/accounts/{account_id}/access/logs/access_requests` Gets a list of Access authentication audit logs for an account. ### Parameters - `params: AccessRequestListParams` - `account_id: string` Path param: Identifier. - `allowedOp?: "eq" | "neq"` Query param: Operator for the `allowed` filter. - `"eq"` - `"neq"` - `app_typeOp?: "eq" | "neq"` Query param: Operator for the `app_type` filter. - `"eq"` - `"neq"` - `app_uidOp?: "eq" | "neq"` Query param: Operator for the `app_uid` filter. - `"eq"` - `"neq"` - `country_codeOp?: "eq" | "neq"` Query param: Operator for the `country_code` filter. - `"eq"` - `"neq"` - `direction?: "desc" | "asc"` Query param: The chronological sorting order for the logs. - `"desc"` - `"asc"` - `email?: string` Query param: Filter by user email. Defaults to substring matching. To force exact matching, set `email_exact=true`. Example (default): `email=@example.com` returns all events with that domain. Example (exact): `email=user@example.com&email_exact=true` returns only that user. - `email_exact?: boolean` Query param: When true, `email` is matched exactly instead of substring matching. - `emailOp?: "eq" | "neq"` Query param: Operator for the `email` filter. - `"eq"` - `"neq"` - `fields?: string` Query param: Comma-separated list of fields to include in the response. When omitted, all fields are returned. - `idpOp?: "eq" | "neq"` Query param: Operator for the `idp` filter. - `"eq"` - `"neq"` - `limit?: number` Query param: The maximum number of log entries to retrieve. - `non_identityOp?: "eq" | "neq"` Query param: Operator for the `non_identity` filter. - `"eq"` - `"neq"` - `page?: number` Query param: Page number of results. - `per_page?: number` Query param: Number of results per page. - `ray_idOp?: "eq" | "neq"` Query param: Operator for the `ray_id` filter. - `"eq"` - `"neq"` - `since?: string` Query param: The earliest event timestamp to query. - `until?: string` Query param: The latest event timestamp to query. - `user_id?: string` Query param: Filter by user UUID. - `user_idOp?: "eq" | "neq"` Query param: Operator for the `user_id` filter. - `"eq"` - `"neq"` ### Returns - `AccessRequestListResponse = Array` - `action?: string` The event that occurred, such as a login attempt. - `allowed?: boolean` The result of the authentication event. - `app_domain?: string` The URL of the Access application. - `app_uid?: string` The unique identifier for the Access application. - `connection?: string` The IdP used to authenticate. - `created_at?: string` - `ip_address?: string` The IP address of the authenticating user. - `ray_id?: string` The unique identifier for the request to Cloudflare. - `user_email?: string` The email address of the authenticating user. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const accessRequests = await client.zeroTrust.access.logs.accessRequests.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(accessRequests); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "action": "login", "allowed": true, "app_domain": "test.example.com/admin", "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630", "connection": "saml", "created_at": "2014-01-01T05:20:00.12345Z", "ip_address": "198.41.129.166", "ray_id": "187d944c61940c77", "user_email": "user@example.com" } ] } ``` ## Domain Types ### Access Request List Response - `AccessRequestListResponse = Array` - `action?: string` The event that occurred, such as a login attempt. - `allowed?: boolean` The result of the authentication event. - `app_domain?: string` The URL of the Access application. - `app_uid?: string` The unique identifier for the Access application. - `connection?: string` The IdP used to authenticate. - `created_at?: string` - `ip_address?: string` The IP address of the authenticating user. - `ray_id?: string` The unique identifier for the request to Cloudflare. - `user_email?: string` The email address of the authenticating user. # SCIM ## Domain Types ### Access Request - `AccessRequest` - `action?: string` The event that occurred, such as a login attempt. - `allowed?: boolean` The result of the authentication event. - `app_domain?: string` The URL of the Access application. - `app_uid?: string` The unique identifier for the Access application. - `connection?: string` The IdP used to authenticate. - `created_at?: string` - `ip_address?: string` The IP address of the authenticating user. - `ray_id?: string` The unique identifier for the request to Cloudflare. - `user_email?: string` The email address of the authenticating user. # Updates ## List Access SCIM update logs `client.zeroTrust.access.logs.scim.updates.list(UpdateListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/access/logs/scim/updates` Lists Access SCIM update logs that maintain a record of updates made to User and Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM). ### Parameters - `params: UpdateListParams` - `account_id: string` Path param: Identifier. - `idp_id: Array` Query param: The unique Id of the IdP that has SCIM enabled. - `cf_resource_id?: string` Query param: The unique Cloudflare-generated Id of the SCIM resource. - `direction?: "desc" | "asc"` Query param: The chronological order used to sort the logs. - `"desc"` - `"asc"` - `idp_resource_id?: string` Query param: The IdP-generated Id of the SCIM resource. - `limit?: number` Query param: The maximum number of update logs to retrieve. - `page?: number` Query param: Page number of results. - `per_page?: number` Query param: Number of results per page. - `request_method?: Array<"DELETE" | "PATCH" | "POST" | "PUT">` Query param: The request method of the SCIM request. - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `resource_group_name?: string` Query param: The display name of the SCIM Group resource. - `resource_type?: Array<"USER" | "GROUP">` Query param: The resource type of the SCIM request. - `"USER"` - `"GROUP"` - `resource_user_email?: string` Query param: The email address of the SCIM User resource. - `since?: string` Query param: the timestamp of the earliest update log. - `status?: Array<"FAILURE" | "SUCCESS">` Query param: The status of the SCIM request. - `"FAILURE"` - `"SUCCESS"` - `until?: string` Query param: the timestamp of the most-recent update log. ### Returns - `UpdateListResponse` - `cf_resource_id?: string` The unique Cloudflare-generated Id of the SCIM resource. - `error_description?: string` The error message which is generated when the status of the SCIM request is 'FAILURE'. - `idp_id?: string` The unique Id of the IdP that has SCIM enabled. - `idp_resource_id?: string` The IdP-generated Id of the SCIM resource. - `logged_at?: string` - `request_body?: string` The JSON-encoded string body of the SCIM request. - `request_method?: string` The request method of the SCIM request. - `resource_group_name?: string` The display name of the SCIM Group resource if it exists. - `resource_type?: string` The resource type of the SCIM request. - `resource_user_email?: string` The email address of the SCIM User resource if it exists. - `status?: string` The status of the SCIM request. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const updateListResponse of client.zeroTrust.access.logs.scim.updates.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', idp_id: ['df7e2w5f-02b7-4d9d-af26-8d1988fca630', '0194ae2c-efcf-7cfb-8884-055f1a161fa5'], })) { console.log(updateListResponse.cf_resource_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "cf_resource_id": "bd97ef8d-7986-43e3-9ee0-c25dda33e4b0", "error_description": "Invalid JSON body", "idp_id": "df7e2w5f-02b7-4d9d-af26-8d1988fca630", "idp_resource_id": "all_employees", "logged_at": "2014-01-01T05:20:00.12345Z", "request_body": "{}}", "request_method": "DELETE", "resource_group_name": "ALL_EMPLOYEES", "resource_type": "GROUP", "resource_user_email": "john.smith@example.com", "status": "FAILURE" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Domain Types ### Update List Response - `UpdateListResponse` - `cf_resource_id?: string` The unique Cloudflare-generated Id of the SCIM resource. - `error_description?: string` The error message which is generated when the status of the SCIM request is 'FAILURE'. - `idp_id?: string` The unique Id of the IdP that has SCIM enabled. - `idp_resource_id?: string` The IdP-generated Id of the SCIM resource. - `logged_at?: string` - `request_body?: string` The JSON-encoded string body of the SCIM request. - `request_method?: string` The request method of the SCIM request. - `resource_group_name?: string` The display name of the SCIM Group resource if it exists. - `resource_type?: string` The resource type of the SCIM request. - `resource_user_email?: string` The email address of the SCIM User resource if it exists. - `status?: string` The status of the SCIM request.