Cloudflare API | User › Audit Logs

API Reference

Overview

Account & User Management

Abuse Reports

Certificate Management

ACM

Certificate Authorities

Origin CA Certificates

Origin Post Quantum Encryption

Origin TLS Client Auth

SSL

Cloudflare One

Email Security

Zero Trust

DNS

Account Custom Nameservers

DNS

DNS Firewall

Domain/Zone Management

IP Addresses

Media

Networking

Magic Cloud Networking

Magic Network Monitoring

Magic Transit

Network Interconnects

Observability

Radar

Routing & Performance

Rules

Security

Leaked Credential Checks

Storage & Databases

Threat Intelligence

Workers & Pages

Workers For Platforms

Shared

User

user

Methods

User Details -> Envelope<{ id, betas, country, 11 more... }>

get/user

User Details

Edit User -> Envelope<{ id, betas, country, 11 more... }>

patch/user

Edit part of your user details.

User

Audit Logs

user.audit_logs

Methods

Get User Audit Logs -> V4PagePaginationArray<

AuditLog

get/user/audit_logs

Gets a list of audit logs for a user account. Can be filtered by who made the change, on which zone, and the timeframe of the change.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Account Settings Write Account Settings Read

query Parameters

id: string

Optional

Finds a specific log by its ID.

action: {

Optional

type: string

Optional

Filters by the action type.

}

actor: {

Optional

email: string

Optional

(format: email)

Filters by the email address of the actor that made the change.

ip: string

Optional

Filters by the IP address of the request that made the change by specific IP address or valid CIDR Range.

}

before:

Optional

Limits the returned results to logs older than the specified date. A full-date that conforms to RFC3339.

FullDate = string

Limits the returned results to logs older than the specified date. A full-date that conforms to RFC3339.

DateTime = string

Limits the returned results to logs older than the specified date. A date-time that conforms to RFC3339.

direction:

Optional

(default: "desc")

Changes the direction of the chronological sorting.

"desc"

"asc"

export: boolean

Optional

Indicates that this request is an export of logs in CSV format.

hide_user_logs: boolean

Optional

Indicates whether or not to hide user level audit logs.

page: number

Optional

(minimum: 1, default: 1)

Defines which page of results to return.

per_page: number

Optional

(maximum: 1000, minimum: 1, default: 100)

Sets the number of results to return per page.

since:

Optional

Limits the returned results to logs newer than the specified date. A full-date that conforms to RFC3339.

FullDate = string

Limits the returned results to logs newer than the specified date. A full-date that conforms to RFC3339.

DateTime = string

Limits the returned results to logs newer than the specified date. A date-time that conforms to RFC3339.

zone: {

Optional

name: string

Optional

Filters by the name of the zone associated to the change.

}

Response fields

UnionMember0 = { errors, messages, result, 1 more... }

AaaAPIResponseCommon = { errors, messages, success }

Request example

curl https://api.cloudflare.com/client/v4/user/audit_logs \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200Example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}

User

Billing

user.billing

User Billing

History

user.billing.history

Methods

Billing History Details -> V4PagePaginationArray<

BillingHistory

Deprecated

get/user/billing/history

Accesses your billing history object.

Domain types

BillingHistory = { id, action, amount, 5 more... }

User Billing

Profile

user.billing.profile

Methods

Billing Profile Details -> Envelope<{ id, account_type, address, 36 more... }>

Deprecated

get/user/billing/profile

Accesses your billing profile object.

User

Invites

user.invites

Methods

List Invitations -> SinglePage<

Invite

get/user/invites

Lists all invitations associated with my user.

Invitation Details -> Envelope<

Invite

get/user/invites/{invite_id}

Gets the details of an invitation.

Respond To Invitation -> Envelope<

Invite

patch/user/invites/{invite_id}

Responds to an invitation.

Domain types

Invite = { invited_member_id, organization_id, id, 8 more... }

User

Organizations

user.organizations

Methods

List Organizations -> V4PagePaginationArray<

Organization

Deprecated

get/user/organizations

Lists organizations the user is associated with.

Organization Details -> Envelope<unknown>

Deprecated

get/user/organizations/{organization_id}

Gets a specific organization the user is associated with.

Leave Organization -> { id }

Deprecated

delete/user/organizations/{organization_id}

Removes association to an organization.

Domain types

Organization = { id, name, permissions, 2 more... }

User

Subscriptions

user.subscriptions

Methods

Get User Subscriptions -> SinglePage<

Subscription

get/user/subscriptions

Lists all of a user's subscriptions.

Update User Subscription -> Envelope<unknown | string>

put/user/subscriptions/{identifier}

Updates a user's subscriptions.

Delete User Subscription -> { subscription_id }

delete/user/subscriptions/{identifier}

Deletes a user's subscription.

User

Tokens

user.tokens

Methods

List Tokens -> V4PagePaginationArray<

Token

get/user/tokens

List all access tokens you created.

Token Details -> Envelope<

Token

get/user/tokens/{token_id}

Get information about a specific token.

Create Token -> Envelope<{ id, condition, expires_on, 8 more... }>

post/user/tokens

Create a new access token.

Update Token -> Envelope<

Token

put/user/tokens/{token_id}

Update an existing token.

Delete Token -> Envelope<{ id }>

delete/user/tokens/{token_id}

Destroy a token.

Verify Token -> Envelope<{ id, status, expires_on, 1 more... }>

get/user/tokens/verify

Test whether a token works.

User Tokens

Permission Groups

user.tokens.permission_groups

Methods

List Token Permission Groups -> SinglePage<{ id, name, scopes }>

get/user/tokens/permission_groups

Find all available permission groups for API Tokens

User Tokens

Value

user.tokens.value

Methods

Roll Token -> Envelope<

TokenValue

put/user/tokens/{token_id}/value

Roll the token secret.