Search the Audit Log
This API allows you to search and paginate through the Audit Logs.
Request#
When calling the API using a GET request you will send the search criteria on the URL using request parameters. In order to simplify the example URL above, not every possible parameter is shown, however using the provided pattern you may add any of the documented request parameters to the URL.
Request Parameters#
endLongoptionalThe end instant of the date/time range to search within.
messageStringoptionalThe string to search in the Audit Log message for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.
newValueStringoptionalAvailable since 1.30.0The string to search for in the Audit Log field for newValue. Note, that not all audit log entries will contain this field, it is primarily used for Audit Logs for updates to existing objects.
numberOfResultsIntegeroptionalDefaults to 25The number of results to return from the search.
oldValueStringoptionalAvailable since 1.30.0The string to search for in the Audit Log field for oldValue. Note, that not all audit log entries will contain this field, it is primarily used for Audit Logs for updates to existing objects.
orderByStringoptionalDefaults to insertInstant DESCThe database column to order the search results on plus the order direction.
The possible values are:
insertInstant- the instant when the Audit Log was createdinsertUser- the user that created the Audit Logmessage- the message of the Audit Logtenant- the Tenant Name associated with the Audit Log (nullable) Available since 1.65.0
For example, to order the results by the insert instant in a descending order, the value would be provided as insertInstant DESC. The final string is optional and can be set to ASC or DESC.
reasonStringoptionalAvailable since 1.30.0The string to search for in the Audit Log field for reason. Note, that not all audit log entries will contain this field.
startLongoptionalThe start instant of the date/time range to search within.
startRowIntegeroptionalDefaults to 0The offset row to return results from. If the search has 200 records in it and this is 50, it starts with row 50.
tenantIdUUIDoptionalAvailable since 1.65.0Restricts the results to Audit Logs belonging to the given Tenant. This parameter will be overridden if the request contains an X-FusionAuth-TenantId header, or if the supplied API key is scoped to a specific Tenant.
userStringoptionalThe string to search in the Audit Log user for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.
OpenAPI Spec
When calling the API using a POST request you will send the search criteria in a JSON request body.
Request Body#
search.endLongoptionalThe end instant of the date/time range to search within.
search.messageStringoptionalThe string to search in the Audit Log message for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.
search.newValueStringoptionalAvailable since 1.30.0The string to search for in the Audit Log field for newValue. Note, that not all audit log entries will contain this field, it is primarily used for Audit Logs for updates to existing objects.
In versions >= 1.49.0 sensitive values may be masked.
search.numberOfResultsIntegeroptionalDefaults to 25The number of results to return from the search.
search.oldValueStringoptionalAvailable since 1.30.0The string to search for in the Audit Log field for oldValue. Note, that not all audit log entries will contain this field, it is primarily used for Audit Logs for updates to existing objects.
In versions >= 1.49.0 sensitive values may be masked.
search.orderByStringoptionalDefaults to insertInstant DESCThe database column to order the search results on plus the order direction.
The possible values are:
insertInstant- the instant when the Audit Log was createdinsertUser- the user that created the Audit Logmessage- the message of the Audit Logtenant- the Tenant Id associated with the Audit Log (nullable) Available since 1.65.0
For example, to order the results by the insert instant in a descending order, the value would be provided as insertInstant DESC. The final string is optional and can be set to ASC or DESC.
search.reasonStringoptionalAvailable since 1.30.0The string to search for in the Audit Log field for reason. Note, that not all audit log entries will contain this field.
search.startLongoptionalThe start instant of the date/time range to search within.
search.startRowIntegeroptionalDefaults to 0The offset row to return results from. If the search has 200 records in it and this is 50, it starts with row 50.
search.tenantIdUUIDoptionalAvailable since 1.65.0Restricts the results to Audit Logs belonging to the given Tenant. This parameter will be overridden if the request contains an X-FusionAuth-TenantId header, or if the supplied API key is scoped to a specific Tenant.
search.userStringoptionalThe string to search in the Audit Log user for. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.
Response#
The response for this API contains the Audit Logs matching the search criteria in paginated format.
Response Codes| Code | Description |
|---|---|
| 200 | The request was successful. The response will contain a JSON body. |
| 400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
| 401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
| 404 | The object you requested doesn't exist. The response will be empty. |
| 500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
| 503 | The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body#
auditLogsArrayThe list of Audit Logs returned by the search.
auditLogs[x].dataObjectAdditional details of an audit log.
auditLogs[x].data.newValueStringThe new value of a changed object.
In versions >= 1.49.0 sensitive values may be masked.
auditLogs[x].data.oldValueStringThe previous value of a changed object.
In versions >= 1.49.0 sensitive values may be masked.
auditLogs[x].data.reasonStringThe reason why the audit log was created.
auditLogs[x].tenantIdUUIDAvailable since 1.65.0The Id of the Tenant associated with this Audit Log. This field will be null for instance-scoped audit logs.
auditLogs[x].idLongThe Audit Log unique Id.
auditLogs[x].insertInstantLongThe instant when the Audit Log was created.
auditLogs[x].insertUserStringThe user that created the Audit Log.
auditLogs[x].messageStringThe message of the Audit Log.
totalIntegerThe total number of Audit Logs matching the search criteria. Use this value along with the numberOfResults and startRow in the Search request to perform pagination.
Example JSON Response
{
"auditLogs": [
{
"id": 1,
"insertInstant": 1471786483322,
"insertUser": "user@fusionauth.io",
"message": "Audit Log 1"
},
{
"id": 2,
"insertInstant": 1471786489322,
"insertUser": "user@fusionauth.io",
"message": "Audit Log 2"
},
{
"data": {
"externalId": "_applicationA"
},
"newValue:": "{\"name\": \"bar\"}",
"oldValue": "{\"name\": \"foo\"}",
"reason": "Because I like to change things.",
"id": 3,
"insertInstant": 1471796483322,
"insertUser": "user@fusionauth.io",
"message": "Changed Application"
}
],
"total": 100
}