Skip to content
Cloudflare API
Start here
API Reference
Audit Logs

Get account audit logs

audit_logs.list(AuditLogListParams**kwargs) -> SyncV4PagePaginationArray[AuditLog]
GET/accounts/{account_id}/audit_logs

Gets a list of audit logs for an account. Can be filtered by who made the change, on which zone, and the timeframe of the change.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Account Settings WriteAccount Settings Read
ParametersExpand Collapse
account_id: str

Identifier

maxLength32
id: Optional[str]

Finds a specific log by its ID.

action: Optional[Action]
type: Optional[str]

Filters by the action type.

actor: Optional[Actor]
email: Optional[str]

Filters by the email address of the actor that made the change.

formatemail
ip: Optional[str]

Filters by the IP address of the request that made the change by specific IP address or valid CIDR Range.

before: Optional[Union[Union[null, null], Union[str, datetime]]]

Limits the returned results to logs older than the specified date. A full-date that conforms to RFC3339.

One of the following:
Union[null, null]

Limits the returned results to logs older than the specified date. A full-date that conforms to RFC3339.

Union[str, datetime]

Limits the returned results to logs older than the specified date. A date-time that conforms to RFC3339.

direction: Optional[Literal["desc", "asc"]]

Changes the direction of the chronological sorting.

One of the following:
"desc"
"asc"
export: Optional[bool]

Indicates that this request is an export of logs in CSV format.

hide_user_logs: Optional[bool]

Indicates whether or not to hide user level audit logs.

page: Optional[float]

Defines which page of results to return.

minimum1
per_page: Optional[float]

Sets the number of results to return per page.

maximum1000
minimum1
since: Optional[Union[Union[null, null], Union[str, datetime]]]

Limits the returned results to logs newer than the specified date. A full-date that conforms to RFC3339.

One of the following:
Union[null, null]

Limits the returned results to logs newer than the specified date. A full-date that conforms to RFC3339.

Union[str, datetime]

Limits the returned results to logs newer than the specified date. A date-time that conforms to RFC3339.

zone: Optional[Zone]
name: Optional[str]

Filters by the name of the zone associated to the change.

ReturnsExpand Collapse
class AuditLog:
id: Optional[str]

A string that uniquely identifies the audit log.

action: Optional[Action]
result: Optional[bool]

A boolean that indicates if the action attempted was successful.

type: Optional[str]

A short string that describes the action that was performed.

actor: Optional[Actor]
id: Optional[str]

The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

email: Optional[str]

The email of the user that performed the action.

formatemail
ip: Optional[str]

The IP address of the request that performed the action.

type: Optional[Literal["user", "admin", "Cloudflare"]]

The type of actor, whether a User, Cloudflare Admin, or an Automated System.

One of the following:
"user"
"admin"
"Cloudflare"
interface: Optional[str]

The source of the event.

metadata: Optional[object]

An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

new_value: Optional[str]

The new value of the resource that was modified.

old_value: Optional[str]

The value of the resource before it was modified.

owner: Optional[Owner]
id: Optional[str]

Identifier

maxLength32
resource: Optional[Resource]
id: Optional[str]

An identifier for the resource that was affected by the action.

type: Optional[str]

A short string that describes the resource that was affected by the action.

when: Optional[datetime]

A UTC RFC3339 timestamp that specifies when the action being logged occured.

formatdate-time

Get account audit logs

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.audit_logs.list(
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
page = page.result[0]
print(page.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}