Cloudflare API | Audit Logs › Get Account Audit Logs

API Reference

Account & User Management

Get account audit logs

Resource Sharing

AI

Certificate Management

Certificate Authorities

Client Certificates

Custom Certificates

Custom Hostnames

Keyless Certificates

MTLS Certificates

Origin CA Certificates

Origin Post Quantum Encryption

Origin TLS Client Auth

Cloudflare One

DNS

Account Custom Nameservers

Domain/Zone Management

IP Addresses

Media

Networking

Magic Network Monitoring

Observability

Radar

Routing & Performance

Rules

Cloud Connector

Managed Transforms

URL Normalization

Security

Content Scanning

Leaked Credential Checks

Storage & Databases

Threat Intelligence

Brand Protection

Workers & Pages

Durable Objects

Workers For Platforms

Shared

Audit Logs

audit_logs

Methods

Get Account Audit Logs -> V4PagePaginationArray<

>

get/accounts/{account_id}/audit_logs

Gets a list of audit logs for an account. Can be filtered by who made the change, on which zone, and the timeframe of the change.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Account Settings Write Account Settings Read

Parameters

account_id: string

Identifier

id: string

Optional

Finds a specific log by its ID.

action: {

Optional

type: string

Optional

Filters by the action type.

}

actor: {

Optional

email: string

Optional

Filters by the email address of the actor that made the change.

ip: string

Optional

Filters by the IP address of the request that made the change by specific IP address or valid CIDR Range.

}

before:

Optional

Limits the returned results to logs older than the specified date. A full-date that conforms to RFC3339.

UnionMember0 = string

UnionMember1 = string

direction:

Optional

Changes the direction of the chronological sorting.

"desc"

"asc"

export: boolean

Optional

Indicates that this request is an export of logs in CSV format.

hide_user_logs: boolean

Optional

Indicates whether or not to hide user level audit logs.

page: number

Optional

Defines which page of results to return.

per_page: number

Optional

Sets the number of results to return per page.

since:

Optional

Limits the returned results to logs newer than the specified date. A full-date that conforms to RFC3339.

UnionMember0 = string

UnionMember1 = string

zone: {

Optional

name: string

Optional

Filters by the name of the zone associated to the change.

}

Response fields

UnionMember0 = { errors, messages, result, 1 more... }

AaaAPIResponseCommon = { errors, messages, success }

Request example

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/audit_logs \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200Example

{
  "errors": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}