> For clean Markdown content of this page, append .md to this URL. For the complete documentation index, see https://learning.postman.com/llms.txt. For full content including API reference and SDK examples, see https://learning.postman.com/llms-full.txt.

# Get team audit logs

GET https://api.getpostman.com/audit/logs

Gets a list of your team's generated audit events. For a complete list of all audit events, see [Audit logs](https://learning.postman.com/docs/administration/audit-logs/).

Reference: https://learning.postman.com/api-docs/api-reference/audit-logs/get-audit-logs

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: Postman API
  version: 1.0.0
paths:
  /audit/logs:
    get:
      operationId: getAuditLogs
      summary: Get team audit logs
      description: >-
        Gets a list of your team's generated audit events. For a complete list
        of all audit events, see [Audit
        logs](https://learning.postman.com/docs/administration/audit-logs/).
      tags:
        - auditLogs
      parameters:
        - name: userId
          in: query
          description: Return only results that match the given user ID.
          required: false
          schema:
            $ref: '#/components/schemas/auditLogsUserIdQuery'
        - name: action
          in: query
          description: Filter results by an audit log action.
          required: false
          schema:
            $ref: '#/components/schemas/auditLogsActionQuery'
        - name: since
          in: query
          description: Return logs created after the given time, in `YYYY-MM-DD` format.
          required: false
          schema:
            $ref: '#/components/schemas/sinceDateQuery'
        - name: until
          in: query
          description: Return logs created before the given time, in `YYYY-MM-DD` format.
          required: false
          schema:
            $ref: '#/components/schemas/untilDateQuery'
        - name: limit
          in: query
          description: The maximum number of audit events to return at once.
          required: false
          schema:
            $ref: '#/components/schemas/auditLogsLimitQuery'
        - name: cursor
          in: query
          description: >-
            The pointer to the first record of the set of paginated results. To
            view the next response, use the `nextCursor` value for this
            parameter.
          required: false
          schema:
            $ref: '#/components/schemas/cursor'
        - name: orderBy
          in: query
          description: >-
            Return the records in ascending (`asc`) or descending (`desc`)
            order.
          required: false
          schema:
            $ref: '#/components/schemas/ascDescDefaultDesc'
            default: desc
        - name: order_by
          in: query
          description: >-
            Return the records in ascending (`asc`) or descending (`desc`)
            order.
          required: false
          schema:
            $ref: '#/components/schemas/ascDescDefaultDesc'
            default: desc
        - name: x-api-key
          in: header
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/getAuditLogs'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorNameMessage'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetAuditLogsRequestUnauthorizedError'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetAuditLogsRequestInternalServerError'
servers:
  - url: https://api.getpostman.com
    description: https://api.getpostman.com
  - url: https://api.eu.postman.com
    description: https://api.eu.postman.com
components:
  schemas:
    auditLogsUserIdQuery:
      type: integer
      title: auditLogsUserIdQuery
    auditLogsActionQuery:
      type: string
      title: auditLogsActionQuery
    sinceDateQuery:
      type: string
      format: date
      title: sinceDateQuery
    untilDateQuery:
      type: string
      format: date
      title: untilDateQuery
    auditLogsLimitQuery:
      type: integer
      title: auditLogsLimitQuery
    cursor:
      type: string
      title: cursor
    ascDescDefaultDesc:
      type: string
      enum:
        - asc
        - desc
      default: desc
      title: ascDescDefaultDesc
    auditLogActor:
      type: object
      properties:
        name:
          type: string
          description: The user's name.
        username:
          type: string
          description: The user's username.
        email:
          type: string
          format: email
          description: The user's email address.
        id:
          type: number
          format: double
          description: The user's ID.
        active:
          type: boolean
          description: If true, the user is active. If false, the user is deactivated.
      description: Information about the user who preformed the audit event.
      title: auditLogActor
    auditLogUser:
      type: object
      properties:
        name:
          type: string
          description: The user's name.
        username:
          type: string
          description: The user's username.
        email:
          type: string
          format: email
          description: The user's email address.
        id:
          type: number
          format: double
          description: The user's ID.
      description: Information about the user.
      title: auditLogUser
    auditLogTeam:
      type: object
      properties:
        name:
          type: string
          description: The team's name.
        id:
          type: number
          format: double
          description: The team's ID.
      description: The user's team information.
      title: auditLogTeam
    auditLogData:
      type: object
      properties:
        actor:
          $ref: '#/components/schemas/auditLogActor'
        user:
          $ref: '#/components/schemas/auditLogUser'
        team:
          $ref: '#/components/schemas/auditLogTeam'
        variables:
          type: object
          additionalProperties:
            description: Any type
          description: Additional information about the performed action.
      description: Information about the audit log.
      title: auditLogData
    auditLogEvent:
      type: object
      properties:
        id:
          type: number
          format: double
          description: The audit event's ID.
        ip:
          type: string
          description: The IP address of the user that performed the action.
        userAgent:
          type: string
          description: The user agent information.
        action:
          type: string
          description: The action performed by the user.
        timestamp:
          type: string
          format: date-time
          description: The date and time at which the event occurred.
        message:
          type: string
          description: The audit event's description.
        data:
          $ref: '#/components/schemas/auditLogData'
      description: Information about the audit log event.
      title: auditLogEvent
    getAuditLogs:
      type: object
      properties:
        trails:
          type: array
          items:
            $ref: '#/components/schemas/auditLogEvent'
          description: A list of audit log events.
      title: getAuditLogs
    CommonErrorNameMessageError:
      type: object
      properties:
        name:
          type: string
          description: The error name.
        message:
          type: string
          description: The error message.
      description: Information about the error.
      title: CommonErrorNameMessageError
    commonErrorNameMessage:
      type: object
      properties:
        error:
          $ref: '#/components/schemas/CommonErrorNameMessageError'
          description: Information about the error.
      title: commonErrorNameMessage
    CommonErrorTypeTitleDetailStatusType:
      oneOf:
        - type: string
          format: uri-reference
        - type: string
      title: CommonErrorTypeTitleDetailStatusType
    commonErrorTypeTitleDetailStatus:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/CommonErrorTypeTitleDetailStatusType'
        title:
          type: string
          description: A short summary of the problem.
        detail:
          type: string
          description: Information about the error.
        status:
          type: integer
          description: The error's HTTP status code.
      title: commonErrorTypeTitleDetailStatus
    GetAuditLogsRequestUnauthorizedError:
      oneOf:
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatus'
        - $ref: '#/components/schemas/commonErrorNameMessage'
      title: GetAuditLogsRequestUnauthorizedError
    CommonErrorTypeTitleDetailDetail:
      oneOf:
        - type: string
        - type: object
          additionalProperties:
            description: Any type
      description: Information about the error.
      title: CommonErrorTypeTitleDetailDetail
    commonErrorTypeTitleDetail:
      type: object
      properties:
        type:
          type: string
          description: The type of error.
        title:
          type: string
          description: A short summary of the problem.
        detail:
          $ref: '#/components/schemas/CommonErrorTypeTitleDetailDetail'
          description: Information about the error.
      title: commonErrorTypeTitleDetail
    GetAuditLogsRequestInternalServerError:
      oneOf:
        - $ref: '#/components/schemas/commonErrorTypeTitleDetail'
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatus'
        - $ref: '#/components/schemas/commonErrorNameMessage'
      title: GetAuditLogsRequestInternalServerError
  securitySchemes:
    PostmanApiKey:
      type: apiKey
      in: header
      name: x-api-key
    scimApiKey:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        A valid [SCIM API
        key](https://learning.postman.com/docs/administration/scim-provisioning/scim-provisioning-overview/#generating-scim-api-key)
        for calls to SCIM endpoints.
    basicAuth:
      type: http
      scheme: basic

```

## Examples



**Response**

```json
{
  "trails": [
    {
      "id": 12345678,
      "ip": "192.0.2.0",
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36",
      "action": "user.login_google_success",
      "timestamp": "2022-08-31T15:19:32.000Z",
      "message": "Taylor Lee successfully logged in using the Google OAuth.",
      "data": {
        "actor": {
          "name": "Taylor Lee",
          "username": "taylor-lee",
          "email": "taylor.lee@example.com",
          "id": 12345678,
          "active": true
        },
        "user": {
          "name": "Taylor Lee",
          "username": "taylor-lee",
          "email": "taylor.lee@example.com",
          "id": 12345678
        },
        "team": {
          "name": "Test-Team",
          "id": 1234
        }
      }
    },
    {
      "id": 87654321,
      "ip": "192.0.2.1",
      "userAgent": "PostmanRuntime/7.29.0 Postman/5.5.4 ChromeApp",
      "action": "user.login_password_success",
      "timestamp": "2022-09-01T06:30:21.000Z",
      "message": "Alex Cruz successfully logged in using the Postman password.",
      "data": {
        "actor": {
          "name": "Alex Cruz",
          "username": "alex-cruz",
          "email": "alex.cruz@example.com",
          "id": 87654321,
          "active": true
        },
        "user": {
          "name": "Alex Cruz",
          "username": "alex-cruz",
          "email": "alex.cruz@example.com",
          "id": 87654321
        },
        "team": {
          "name": "Test-Team",
          "id": 1234
        }
      }
    }
  ]
}
```

**SDK Code**

```python Successful Response
import requests

url = "https://api.getpostman.com/audit/logs"

headers = {"x-api-key": "<apiKey>"}

response = requests.get(url, headers=headers)

print(response.json())
```

```javascript Successful Response
const url = 'https://api.getpostman.com/audit/logs';
const options = {method: 'GET', headers: {'x-api-key': '<apiKey>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Successful Response
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/audit/logs"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("x-api-key", "<apiKey>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Successful Response
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/audit/logs")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["x-api-key"] = '<apiKey>'

response = http.request(request)
puts response.read_body
```

```java Successful Response
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.get("https://api.getpostman.com/audit/logs")
  .header("x-api-key", "<apiKey>")
  .asString();
```

```php Successful Response
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('GET', 'https://api.getpostman.com/audit/logs', [
  'headers' => [
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Successful Response
using RestSharp;

var client = new RestClient("https://api.getpostman.com/audit/logs");
var request = new RestRequest(Method.GET);
request.AddHeader("x-api-key", "<apiKey>");
IRestResponse response = client.Execute(request);
```

```swift Successful Response
import Foundation

let headers = ["x-api-key": "<apiKey>"]

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/audit/logs")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```