Export Audit Logs

Available Since Version 1.7.0

This API is used to export the Audit Logs, the response will be a compressed zip archive.

Request#

API Key Authentication
Export the Audit Logs matching the criteria
GET/api/system/audit-log/export?message={message}&start={start}&end={end}&user={user}

When calling the API using a GET request you will send the export criteria on the URL using request parameters. In order to simplify the example URL above, not every possible parameter is shown, however using the provided pattern you may add any of the documented request parameters to the URL.

Request Parameters#

dateTimeSecondsFormatStringoptional

The format string used to format the date and time columns in the export result.

When this parameter is omitted a default format of M/d/yyyy hh:mm:ss a z will be used. See the DateTimeFormatter patterns for additional examples.

endLongoptional

The end instant of the date/time range to search within.

messageStringoptional

The string to search in the Audit Log message for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

startLongoptional

The start instant of the date/time range to search within.

tenantIdUUIDoptionalAvailable since 1.65.0

Restricts the results to Audit Logs belonging to the given Tenant. This parameter will be overridden if the request contains an X-FusionAuth-TenantId header, or if the supplied API key is scoped to a specific Tenant.

userStringoptional

The string to search in the Audit Log user for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

zoneIdStringoptional

The time zone used to adjust the stored UTC time in the export result.

For example:

America/Denver or US/Mountain

When this parameter is omitted the configured default report time zone will be used. See reportTimezone in the System Configuration API.

API Key Authentication
Export the Audit Logs matching the criteria
POST/api/system/audit-log/export

When calling the API using a POST request you will send the export criteria in a JSON request body.

Request Body#

criteria.endLongoptional

The end instant of the date/time range to include in the export.

criteria.messageStringoptional

The string to search in the Audit Log message for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

criteria.startLongoptional

The start instant of the date/time range to include in the export.

criteria.tenantIdUUIDoptionalAvailable since 1.65.0

Restricts the results to Audit Logs belonging to the given Tenant. This parameter will be overridden if the request contains an X-FusionAuth-TenantId header, or if the supplied API key is scoped to a specific Tenant.

criteria.userStringoptional

The string to search in the Audit Log user for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

dateTimeSecondsFormatStringoptional

The format string used to format the date and time columns in the export result.

When this parameter is omitted a default format of M/d/yyyy hh:mm:ss a z will be used. See the DateTimeFormatter patterns for additional examples.

zoneIdStringoptional

The time zone used to adjust the stored UTC time in the export result.

For example:

America/Denver or US/Mountain

When this parameter is omitted the configured default report time zone will be used. See reportTimezone in the System Configuration API.

Response#

The response for this API will contain a compressed zip of the audit logs.

Response Codes
CodeDescription
200

The request was successful. The response will be a compressed archive byte stream with a Content-Type of application/zip.

400The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404The object you requested doesn't exist. The response will be empty.
500There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.