Back to AsanaGet Audit Log Events
Retrieve the audit log events that have been captured in your domain.
This endpoint will return a list of AuditLogEvent objects, sorted by creation time in ascending order. Note that the Audit Log API captures events from October 8th, 2021 and later. Queries for events before this date will not return results.
There are a number of query parameters (below) that can be used to filter the set of AuditLogEvent objects that are returned in the response. Any combination of query parameters is valid. When no filters are provided, all of the events that have been captured in your domain will match.
The list of events will always be paginated. The default limit is 1000 events. The next set of events can be retrieved using the offset
from the previous response. If there are no events that match the provided filters in your domain, the endpoint will return null
for the next_page
field. Querying again with the same filters may return new events if they were captured after the last request. Once a response includes a next_page
with an offset
, subsequent requests can be made with the latest offset
to poll for new events that match the provided filters.
Note: If the filters you provided match events in your domain and next_page
is present in the response, we will continue to send next_page
on subsequent requests even when there are no more events that match the filters. This was put in place so that you can implement an audit log stream that will return future events that match these filters. If you are not interested in future events that match the filters you have defined, you can rely on checking empty data
response for the end of current events that match your filters.
When no offset
is provided, the response will begin with the oldest events that match the provided filters. It is important to note that AuditLogEvent objects will be permanently deleted from our systems after 90 days. If you wish to keep a permanent record of these events, we recommend using a SIEM tool to ingest and store these logs.
Input
type: object
properties:
parameters:
type: object
properties:
workspace_gid:
type: string
description: Globally unique identifier for the workspace or organization.
start_at:
type: string
format: date-time
description: Filter to events created after this time (inclusive).
end_at:
type: string
format: date-time
description: Filter to events created before this time (exclusive).
event_type:
type: string
description: >-
Filter to events of this type.
Refer to the [supported audit log
events](/docs/audit-log-events#supported-audit-log-events) for a full
list of values.
actor_type:
type: string
enum:
- user
- asana
- asana_support
- anonymous
- external_administrator
description: >-
Filter to events with an actor of this type.
This only needs to be included if querying for actor types without an
ID. If `actor_gid` is included, this should be excluded.
actor_gid:
type: string
description: Filter to events triggered by the actor with this ID.
resource_gid:
type: string
description: Filter to events with this resource ID.
limit:
type: integer
description: >-
Results per page.
The number of objects to return per page. The value must be between 1
and 100.
offset:
type: string
description: >-
Offset token.
An offset to the next page returned by the API. A pagination request
will return an offset token, which can be used as an input parameter
to the next request. If an offset is not passed in, the API will
return the first page of results.
'Note: You can only pass in an offset that was returned to you via a
previously paginated request.'
required:
- workspace_gid
title: Parameters
Output
type: object
properties:
data:
type: array
items:
type: object
properties:
gid:
description: Globally unique identifier of the `AuditLogEvent`, as a string.
type: string
example: '12345'
x-insert-after: false
created_at:
description: The time the event was created.
type: string
format: date-time
example: '2021-01-01T00:00:00.000Z'
event_type:
description: The type of the event.
type: string
example: task_deleted
event_category:
description: The category that this `event_type` belongs to.
type: string
example: deletion
actor:
type: object
properties:
actor_type:
description: >-
The type of actor.
Can be one of `user`, `asana`, `asana_support`, `anonymous`, or
`external_administrator`.
type: string
enum:
- user
- asana
- asana_support
- anonymous
- external_administrator
example: user
gid:
description: Globally unique identifier of the actor, if it is a user.
type: string
example: '1111'
name:
description: The name of the actor, if it is a user.
type: string
example: Greg Sanchez
email:
description: The email of the actor, if it is a user.
type: string
example:
[email protected]
resource:
type: object
properties:
resource_type:
description: The type of resource.
type: string
example: task
resource_subtype:
description: The subtype of resource. Most resources will not have a subtype.
type: string
example: milestone
gid:
description: Globally unique identifier of the resource.
type: string
example: '1111'
name:
description: The name of the resource.
type: string
example: Example Task
email:
description: The email of the resource, if applicable.
type: string
details:
type: object
context:
type: object
properties:
context_type:
description: >-
The type of context.
Can be one of `web`, `desktop`, `mobile`, `asana_support`,
`asana`, `email`, or `api`.
type: string
enum:
- web
- desktop
- mobile
- asana_support
- asana
- email
- api
example: web
api_authentication_method:
description: >-
The authentication method used in the context of an API request.
Only present if the `context_type` is `api`. Can be one of
`cookie`, `oauth`, `personal_access_token`, or
`service_account`.
type: string
enum:
- cookie
- oauth
- personal_access_token
- service_account
client_ip_address:
description: >-
The IP address of the client that initiated the event, if
applicable.
type: string
example: 1.1.1.1
user_agent:
description: >-
The user agent of the client that initiated the event, if
applicable.
type: string
example: >-
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/51.0.2704.103 Safari/537.36
oauth_app_name:
description: |-
The name of the OAuth App that initiated the event.
Only present if the `api_authentication_method` is `oauth`.
type: string