Audit logs

This feature is available on Postman Enterprise plans. For more information, see the pricing page.

Audit logs display events related to your team, team members, and billing. Admins and Super Admins can view which team member performed an action, and when they did so. Events include team members signing in to your team, creating a Postman API key, adding a team member, upgrading to a paid plan, and more.

Postman offers audit logs for 180 days.

View audit logs in the dashboard

Admins and Super Admins can view audit logs for your team in your Audit Logs dashboard. To view audit logs, open Postman and select Team > Audit Logs in the Postman header.

Each audit log event includes the following information:

The team member who performed the action, and their email address.
The event type, and a description of the event.
The team member’s IP address.
The date and time of the action, including the team member’s time zone.

Audit logs dashboard

You can use filters to view audit log events by date range, event type, and team member. Select your filters, then click Apply.

Export audit logs from the dashboard

You can filter the results of the audit logs, and export the results as a CSV file.

To export audit logs, do the following:

Filter your results by selecting a date range, event type, and team member, then click Apply. If you don’t filter your results, Postman exports all data in your audit logs from the last seven days.
Click Export Audit Logs
Click Export to confirm. You’ll receive an email with the CSV file.
In the email, click Download Audit Logs to download the CSV file. The link in the email is valid for one hour.

Access audit logs with the Postman API

You can also access audit logs with the Postman API, enabling you to integrate Postman’s audit logs with your security information and event management (SIEM) tools.

To get started with the Postman API, you must first generate a Postman API key. Learn more about the Postman API, and how to integrate it into your development toolchain.

For a complete list of audit log events, use the Postman API’s GET /audit-actions endpoint.

Each audit log event has the following attributes in the response:

Name	Description
`id`	An integer representing the unique identifier of the audit log event.
`ip`	A string with the IP address of the actor who performed the action.
`userAgent`	A string with the user agent of the actor.
`action`	A string with the event type.
`timestamp`	A string with the date and time when the actor performed the action. The time stamp is represented using the ISO 8601 date and time format.
`message`	A string with the description of the audit log event.
`data`	An object that holds the `actor`, `user`, `team`, and `variables` objects.
`actor`	An object with information about the team member who performed the action. For example, a team member is the `actor` when they sign in to Postman. The object includes the following properties: `name` - A string with the actor’s name. `username` - A string with the actor’s username. `email` - A string with the actor’s email address. `id` - An integer representing the unique identifier of the actor. `active` - A Boolean of whether the actor’s account is active in the team.
`user`	An object with information about the team member who was affected by the action. For example, a team member is the `user` when their role is updated by another team member. The object includes the following properties: `name` - A string with the user’s name. `username` - A string with the user’s username. `email` - A string with the user’s email address. `id` - An integer representing the unique identifier of the user.
`team`	An object with information about the actor and user’s team. The object includes the following properties: `name` - A string with the team’s name. `id` - An integer representing the unique identifier of the team.
`variables`	An object with details about the performed action. For example, details about the created API key or updated roles for a user.
`nextCursor`	A string that represents the cursor of the next page.

This feature is available on Postman Enterprise plans. For more information, see the pricing page.

Postman offers audit logs for 180 days.

View audit logs in the dashboard

Admins and Super Admins can view audit logs for your team in your Audit Logs dashboard. To view audit logs, open Postman and select Team > Audit Logs in the Postman header.

Each audit log event includes the following information:

The team member who performed the action, and their email address.
The event type, and a description of the event.
The team member’s IP address.
The date and time of the action, including the team member’s time zone.

Audit logs dashboard

You can use filters to view audit log events by date range, event type, and team member. Select your filters, then click Apply.

Export audit logs from the dashboard

You can filter the results of the audit logs, and export the results as a CSV file.

To export audit logs, do the following:

Filter your results by selecting a date range, event type, and team member, then click Apply. If you don’t filter your results, Postman exports all data in your audit logs from the last seven days.
Click Export Audit Logs
Click Export to confirm. You’ll receive an email with the CSV file.
In the email, click Download Audit Logs to download the CSV file. The link in the email is valid for one hour.

Access audit logs with the Postman API

You can also access audit logs with the Postman API, enabling you to integrate Postman’s audit logs with your security information and event management (SIEM) tools.

To get started with the Postman API, you must first generate a Postman API key. Learn more about the Postman API, and how to integrate it into your development toolchain.

For a complete list of audit log events, use the Postman API’s GET /audit-actions endpoint.

Each audit log event has the following attributes in the response:

Name	Description
`id`	An integer representing the unique identifier of the audit log event.
`ip`	A string with the IP address of the actor who performed the action.
`userAgent`	A string with the user agent of the actor.
`action`	A string with the event type.
`timestamp`	A string with the date and time when the actor performed the action. The time stamp is represented using the ISO 8601 date and time format.
`message`	A string with the description of the audit log event.
`data`	An object that holds the `actor`, `user`, `team`, and `variables` objects.
`actor`	An object with information about the team member who performed the action. For example, a team member is the `actor` when they sign in to Postman. The object includes the following properties: `name` - A string with the actor’s name. `username` - A string with the actor’s username. `email` - A string with the actor’s email address. `id` - An integer representing the unique identifier of the actor. `active` - A Boolean of whether the actor’s account is active in the team.
`user`	An object with information about the team member who was affected by the action. For example, a team member is the `user` when their role is updated by another team member. The object includes the following properties: `name` - A string with the user’s name. `username` - A string with the user’s username. `email` - A string with the user’s email address. `id` - An integer representing the unique identifier of the user.
`team`	An object with information about the actor and user’s team. The object includes the following properties: `name` - A string with the team’s name. `id` - An integer representing the unique identifier of the team.
`variables`	An object with details about the performed action. For example, details about the created API key or updated roles for a user.
`nextCursor`	A string that represents the cursor of the next page.