Audit Logs
The audit log shows various changes in a Zendesk account since the account was created. Records of these changes are saved indefinitely and you can view the entire change history. For more information, see Viewing the audit log for changes in Zendesk help.
The Audit Logs endpoints are only available on the Enterprise plan.
JSON format
Audit Logs are represented as JSON objects with the following properties:
Name | Type | Read-only | Mandatory | Description |
---|---|---|---|---|
action | string | true | false | Type of change made. Possible values are "create", "destroy", "exported", "login", and "update" |
action_label | string | true | false | Localized string of action field |
actor_id | integer | true | false | id of the user or system that initiated the change |
actor_name | string | true | false | Name of the user or system that initiated the change |
change_description | string | true | false | The description of the change that occurred |
created_at | string | true | false | The time the audit got created |
id | integer | true | false | The id automatically assigned upon creation |
ip_address | string | true | false | The IP address of the user doing the audit |
source_id | integer | true | false | The id of the item being audited |
source_label | string | true | false | The name of the item being audited |
source_type | string | true | false | Item type being audited. Typically describes the system where the change was initiated. Possible values vary based on your account's Zendesk products and activity. Common values include "apitoken", "rule", "ticket", "user", and "zendesk/app_market/app". The "rule" value is used for automations, macros, triggers, views, and other automated business rules |
url | string | true | false | The URL to access the audit log |
Example
{
"action": "update",
"action_label": "Updated",
"actor_id": 1234,
"actor_name": "Sameer Patel",
"change_description": "Role changed from Administrator to End User",
"created_at": "2012-03-05T11:32:44Z",
"id": 498483,
"ip_address": "209.119.38.228",
"source_id": 3456,
"source_label": "John Doe",
"source_type": "user",
"url": "https://company.zendesk.com/api/v2/audit_logs/498483.json"
}
List Audit Logs
GET /api/v2/audit_logs
Allowed For
- Admins on accounts that have audit log access
Pagination
- Cursor pagination (recommended)
- Offset pagination
See Pagination.
Returns a maximum of 100 records per page.
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
filter[action] | string | Query | false | Filter audit logs by the action |
filter[actor_id] | integer | Query | false | Filter audit logs by the actor id |
filter[created_at] | string | Query | false | Filter audit logs by the time of creation |
filter[ip_address] | string | Query | false | Filter audit logs by the ip address |
filter[source_id] | integer | Query | false | Filter audit logs by the source id. Requires filter[source_type] to also be set. |
filter[source_type] | string | Query | false | Filter audit logs by the source type. For example, user or rule |
sort | string | Query | false | Cursor pagination only. Sort audit logs. Default is sort=-created_at |
sort_by | string | Query | false | Offset pagination only. Sort audit logs. Default is sort_by=created_at |
sort_order | string | Query | false | Offset pagination only. Sort audit logs. Default is sort_order=desc |
Code Samples
curl
curl -g 'https://helpdesk.zendesk.com/api/v2/audit_logs.json?filter[source_type]=user&filter[source_id]=123' \
-v -u {email_address}:{password}
Go
import (
"fmt"
"io"
"net/http"
)
func main() {
url := "https://example.zendesk.com/api/v2/audit_logs?filter[action]=&filter[actor_id]=&filter[created_at]=&filter[ip_address]=&filter[source_id]=&filter[source_type]=&sort=&sort_by=&sort_order="
method := "GET"
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "username:password"
client := &http.Client {}
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
Java
import com.squareup.okhttp.*;
OkHttpClient client = new OkHttpClient();
HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/audit_logs")
.newBuilder()
.addQueryParameter("filter[action]", "")
.addQueryParameter("filter[actor_id]", "")
.addQueryParameter("filter[created_at]", "")
.addQueryParameter("filter[ip_address]", "")
.addQueryParameter("filter[source_id]", "")
.addQueryParameter("filter[source_type]", "")
.addQueryParameter("sort", "")
.addQueryParameter("sort_by", "")
.addQueryParameter("sort_order", "");
Request request = new Request.Builder()
.url(urlBuilder.build())
.method("GET", null)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", Credentials.basic("your-email", "your-password"))
.build();
Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');
var config = {
method: 'GET',
url: 'https://example.zendesk.com/api/v2/audit_logs',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Basic <auth-value>', // Base64 encoded "username:password"
},
params: {
'filter[action]': '',
'filter[actor_id]': '',
'filter[created_at]': '',
'filter[ip_address]': '',
'filter[source_id]': '',
'filter[source_type]': '',
'sort': '',
'sort_by': '',
'sort_order': '',
},
};
axios(config)
.then(function (response) {
console.log(JSON.stringify(response.data));
})
.catch(function (error) {
console.log(error);
});
Python
import requests
url = "https://example.zendesk.com/api/v2/audit_logs?filter[action]=&filter[actor_id]=&filter[created_at]=&filter[ip_address]=&filter[source_id]=&filter[source_type]=&sort=&sort_by=&sort_order="
headers = {
"Content-Type": "application/json",
}
response = requests.request(
"GET",
url,
auth=('<username>', '<password>'),
headers=headers
)
print(response.text)
Ruby
require "net/http"
uri = URI("https://example.zendesk.com/api/v2/audit_logs")
uri.query = URI.encode_www_form("filter[action]": "", "filter[actor_id]": "", "filter[created_at]": "", "filter[ip_address]": "", "filter[source_id]": "", "filter[source_type]": "", "sort": "", "sort_by": "", "sort_order": "")
request = Net::HTTP::Get.new(uri, "Content-Type": "application/json")
request.basic_auth "username", "password"
response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
http.request(request)
end
Example response(s)
200 OK
// Status 200 OK
{
"audit_logs": [
{
"action": "update",
"actor_id": 1234,
"actor_name": "Sameer Patel",
"change_description": "Role changed from Administrator to End User",
"created_at": "2012-03-05T11:32:44Z",
"id": 498483,
"ip_address": "209.119.38.228",
"source_id": 3456,
"source_label": "John Doe",
"source_type": "user",
"url": "https://company.zendesk.com/api/v2/audit_logs/498483.json"
}
]
}
Show Audit Log
GET /api/v2/audit_logs/{audit_log_id}
Allowed For
- Admins on accounts that have audit-log access
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
audit_log_id | integer | Path | true | The ID of the audit log |
Code Samples
curl
curl https://helpdesk.zendesk.com/api/v2/audit_logs/{audit_log_id}.json \
-v -u {email_address}:{password}
Go
import (
"fmt"
"io"
"net/http"
)
func main() {
url := "https://example.zendesk.com/api/v2/audit_logs/498483"
method := "GET"
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "username:password"
client := &http.Client {}
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
Java
import com.squareup.okhttp.*;
OkHttpClient client = new OkHttpClient();
HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/audit_logs/498483")
.newBuilder();
Request request = new Request.Builder()
.url(urlBuilder.build())
.method("GET", null)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", Credentials.basic("your-email", "your-password"))
.build();
Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');
var config = {
method: 'GET',
url: 'https://example.zendesk.com/api/v2/audit_logs/498483',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Basic <auth-value>', // Base64 encoded "username:password"
},
};
axios(config)
.then(function (response) {
console.log(JSON.stringify(response.data));
})
.catch(function (error) {
console.log(error);
});
Python
import requests
url = "https://example.zendesk.com/api/v2/audit_logs/498483"
headers = {
"Content-Type": "application/json",
}
response = requests.request(
"GET",
url,
auth=('<username>', '<password>'),
headers=headers
)
print(response.text)
Ruby
require "net/http"
uri = URI("https://example.zendesk.com/api/v2/audit_logs/498483")
request = Net::HTTP::Get.new(uri, "Content-Type": "application/json")
request.basic_auth "username", "password"
response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
http.request(request)
end
Example response(s)
200 OK
// Status 200 OK
{
"audit_log": {
"action": "update",
"actor_id": 1234,
"actor_name": "Sameer Patel",
"change_description": "Role changed from Administrator to End User",
"created_at": "2012-03-05T11:32:44Z",
"id": 498483,
"ip_address": "209.119.38.228",
"source_id": 3456,
"source_label": "John Doe",
"source_type": "user",
"url": "https://company.zendesk.com/api/v2/audit_logs/498483.json"
}
}
Export Audit Logs
POST /api/v2/audit_logs/export
Allowed For
- Admins on accounts that have audit log access
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
filter[action] | string | Query | false | Filter audit logs by the action |
filter[actor_id] | integer | Query | false | Filter audit logs by the actor id |
filter[created_at] | string | Query | false | Filter audit logs by the time of creation |
filter[ip_address] | string | Query | false | Filter audit logs by the ip address |
filter[source_id] | integer | Query | false | Filter audit logs by the source id. Requires filter[source_type] to also be set. |
filter[source_type] | string | Query | false | Filter audit logs by the source type. For example, user or rule |
Code Samples
curl
curl https://helpdesk.zendesk.com/api/v2/audit_logs/export.json \
-v -u {email_address}:{password}
Go
import (
"fmt"
"io"
"net/http"
)
func main() {
url := "https://example.zendesk.com/api/v2/audit_logs/export?filter[action]=&filter[actor_id]=&filter[created_at]=&filter[ip_address]=&filter[source_id]=&filter[source_type]="
method := "POST"
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "username:password"
client := &http.Client {}
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
Java
import com.squareup.okhttp.*;
OkHttpClient client = new OkHttpClient();
HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/audit_logs/export")
.newBuilder()
.addQueryParameter("filter[action]", "")
.addQueryParameter("filter[actor_id]", "")
.addQueryParameter("filter[created_at]", "")
.addQueryParameter("filter[ip_address]", "")
.addQueryParameter("filter[source_id]", "")
.addQueryParameter("filter[source_type]", "");
RequestBody body = RequestBody.create(MediaType.parse("application/json"),
"""
""");
Request request = new Request.Builder()
.url(urlBuilder.build())
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", Credentials.basic("your-email", "your-password"))
.build();
Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');
var config = {
method: 'POST',
url: 'https://example.zendesk.com/api/v2/audit_logs/export',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Basic <auth-value>', // Base64 encoded "username:password"
},
params: {
'filter[action]': '',
'filter[actor_id]': '',
'filter[created_at]': '',
'filter[ip_address]': '',
'filter[source_id]': '',
'filter[source_type]': '',
},
};
axios(config)
.then(function (response) {
console.log(JSON.stringify(response.data));
})
.catch(function (error) {
console.log(error);
});
Python
import requests
url = "https://example.zendesk.com/api/v2/audit_logs/export?filter[action]=&filter[actor_id]=&filter[created_at]=&filter[ip_address]=&filter[source_id]=&filter[source_type]="
headers = {
"Content-Type": "application/json",
}
response = requests.request(
"POST",
url,
auth=('<username>', '<password>'),
headers=headers
)
print(response.text)
Ruby
require "net/http"
uri = URI("https://example.zendesk.com/api/v2/audit_logs/export")
uri.query = URI.encode_www_form("filter[action]": "", "filter[actor_id]": "", "filter[created_at]": "", "filter[ip_address]": "", "filter[source_id]": "", "filter[source_type]": "")
request = Net::HTTP::Post.new(uri, "Content-Type": "application/json")
request.basic_auth "username", "password"
response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
http.request(request)
end
Example response(s)
202 Accepted
// Status 202 Accepted
null