Management
Audit Logs
The Audit Logs endpoint allows administrators to retrieve detailed logs of events within their workspace, such as changes to user memberships, groups, collections, and more.
NOTE:
-
Only Workspace Tokens are allowed to access this endpoint. Member tokens or Personal tokens won’t work. Note that only Workspace admins can generate Workspace Tokens.
-
Timestamps in the response are in ISO 8601 format (
YYYY-MM-DDTHH:mm:ss.sssZ).
Audit Log object
| Properties | |
|
id |
string |
|
action |
string |
|
description |
string |
|
context |
object |
|
actor |
object |
|
entity |
object |
|
timestamp |
string |
|
workspace_username |
string |
{
"id": "12326c8c-3c13-45a3-9b36-5a16d42937db",
"action": "connection_group_added_with_role",
"description": "group added to connection",
"timestamp": "2025-02-18T10:47:37.000000Z",
"workspace_username": "charismabrotherscorp",
"context": {
"group_id": "4f68a254168a",
"role": "view",
"group_name": "internalgroup",
"correlation_id": "12321917-5e07-4094-ae08-1b6254a2a6c8"
},
"actor": {
"ip": "157.52.123.42",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36",
"user_id": "af03c0246b82",
"username": "peter_parker"
},
"entity": {
"entity_name": "Star Space",
"entity_type": "workspace_connection",
"entity_id": "af5aaf31658b"
}
}
Retrieve audit logs
To retrieve audit logs for a workspace, send a GET request to the audit_logs resource along with the required query parameters and additionally you may pass more query parameters to filter out audit logs based on them.
See Query Params section below to find out more about the required and additional filtering query params.
| URL Params | ||
|
workspace required |
string |
Workspace username
|
| Query Params | ||
|
start_timestamp required |
string | The start of the time range for audit logs (ISO 8601 format). |
|
end_timestamp required |
string | The end of the time range for audit logs (ISO 8601 format). |
|
action |
string | The type of action performed. |
|
entity_id |
string | The ID of the entity to filter logs. |
|
entity_type |
string | The type/category of the entity to filter logs. |
|
entity_name |
string | The name of the entity affected by the action. |
|
username |
string | The username of the user performing the action. |
|
ip |
string | The IP address of the client device that initiated the action. |
|
event_source |
string | The source of the event to filter logs. |
|
next_token |
string | Token for fetching logs of the next page. |
| Responses | |
|
200 |
A list of audit logs matching the given filters. |
|
400 |
Bad request |
|
401 |
Unauthorized |
|
403 |
Forbidden |
GET
/{workspace}
curl --include \
--header "Content-Type: application/json" \
'https://app.mode.com/api/{workspace}/audit_logs'