Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Access
Logs
Access Requests

Get Access authentication logs

GET/accounts/{account_id}/access/logs/access_requests

Gets a list of Access authentication audit logs for an account.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Audit Logs Read
Path ParametersExpand Collapse
account_id: string

Identifier.

maxLength32
Query ParametersExpand Collapse
allowedOp: optional "eq" or "neq"

Operator for the allowed filter.

One of the following:
"eq"
"neq"
app_typeOp: optional "eq" or "neq"

Operator for the app_type filter.

One of the following:
"eq"
"neq"
app_uidOp: optional "eq" or "neq"

Operator for the app_uid filter.

One of the following:
"eq"
"neq"
country_codeOp: optional "eq" or "neq"

Operator for the country_code filter.

One of the following:
"eq"
"neq"
direction: optional "desc" or "asc"

The chronological sorting order for the logs.

One of the following:
"desc"
"asc"
email: optional string

Filter by user email. Defaults to substring matching. To force exact matching, set email_exact=true. Example (default): email=@example.com returns all events with that domain. Example (exact): email=user@example.com&email_exact=true returns only that user.

formatemail
email_exact: optional boolean

When true, email is matched exactly instead of substring matching.

emailOp: optional "eq" or "neq"

Operator for the email filter.

One of the following:
"eq"
"neq"
fields: optional string

Comma-separated list of fields to include in the response. When omitted, all fields are returned.

idpOp: optional "eq" or "neq"

Operator for the idp filter.

One of the following:
"eq"
"neq"
limit: optional number

The maximum number of log entries to retrieve.

non_identityOp: optional "eq" or "neq"

Operator for the non_identity filter.

One of the following:
"eq"
"neq"
page: optional number

Page number of results.

per_page: optional number

Number of results per page.

ray_idOp: optional "eq" or "neq"

Operator for the ray_id filter.

One of the following:
"eq"
"neq"
since: optional string

The earliest event timestamp to query.

formatdate-time
until: optional string

The latest event timestamp to query.

formatdate-time
user_id: optional string

Filter by user UUID.

formatuuid
user_idOp: optional "eq" or "neq"

Operator for the user_id filter.

One of the following:
"eq"
"neq"
ReturnsExpand Collapse
errors: array of { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional { pointer }
pointer: optional string
messages: array of { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional array of AccessRequest { action, allowed, app_domain, 6 more }
action: optional string

The event that occurred, such as a login attempt.

allowed: optional boolean

The result of the authentication event.

app_domain: optional string

The URL of the Access application.

app_uid: optional string

The unique identifier for the Access application.

connection: optional string

The IdP used to authenticate.

created_at: optional string
formatdate-time
ip_address: optional string

The IP address of the authenticating user.

ray_id: optional string

The unique identifier for the request to Cloudflare.

maxLength16
user_email: optional string

The email address of the authenticating user.

formatemail

Get Access authentication logs

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/logs/access_requests \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "action": "login",
      "allowed": true,
      "app_domain": "test.example.com/admin",
      "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
      "connection": "saml",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "ip_address": "198.41.129.166",
      "ray_id": "187d944c61940c77",
      "user_email": "user@example.com"
    }
  ]
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "action": "login",
      "allowed": true,
      "app_domain": "test.example.com/admin",
      "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
      "connection": "saml",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "ip_address": "198.41.129.166",
      "ray_id": "187d944c61940c77",
      "user_email": "user@example.com"
    }
  ]
}