Get audit logs with filters

GET 
/v1/audit-log

Query audit logs with comprehensive filtering options.

Filtering by user: Use 'userIds' parameter with comma-separated user IDs or 'userEmails' parameter with comma-separated user emails.

Filtering by domain: Use 'domainIds' parameter with comma-separated domain IDs.

Filtering by domain group: Use 'domainGroupIds' parameter with comma-separated domain group IDs.

Filtering by action category: Use 'actionCategories' parameter with one or more of:

• DOMAINS: Domain-related actions
• DOMAIN_GROUPS: Domain group actions
• MANAGED_SERVICES: Managed DMARC, BIMI, MTA-STS, EasySPF actions
• USER_MANAGEMENT: User invitation, revocation, permission changes
• BILLING: Billing details, plan upgrades, cancellations
• SECURITY_FEATURES: MFA setup/removal
• ORGANIZATION_SECURITY: SSO setup, account termination
• LOGIN_AND_LOGOUT: Login, logout, device actions
• INTEGRATIONS: Integration connections, token generation
• ALERTING: Alert creation, modification, deletion
• RUF: Failure report actions
• RUA: Aggregate report actions
• PERSONAL_SETTINGS: Name changes
• REPORTING: Scheduled report actions, whitelabel, SMTP setup
• LABEL_MANAGEMENT: Label creation, modification, deletion

Filtering by specific actions: Use 'actions' parameter with specific AuditLogAction values.

Date range: Use 'startDate' and 'endDate' parameters (ISO 8601 format).

Request

Responses

200

Successfully returned audit logs.

400

Request is invalid.

401

Request authentication is required.

403

Request is not authorized.