Audit Logs API (v1.0)

Managing audit logs

Get logs

Returns paginated and filtered audit logs.

Authorizations:

iam_token_account_scoped

query Parameters

cursor	string Example: cursor=eyJpZCI6IjU3ZmRmNWFkLWUwZDMtNDNkNS04ODUxLTIzYjhmMjVjMGQ5NSIsImNyZWF0ZWRfYXQiOiIyMDI1LTA2LTI1VDEwOjA1OjE1LjAyNzk1ODMzN1oifQ An optional, opaque pagination token. Pass the `next_cursor` value returned in the previous POST /v1/logs response to retrieve the next page of log entries. If absent, the first page of results is returned.
dir	string Enum: "backward" "forward" An optional parameter that controls the chronological direction of the returned log entries. Use `forward` to sort results from oldest to newest. Use `backward` to sort results from newest to oldest. If omitted, the default is `forward`.
limit	integer [ 1 .. 1000 ] An optional parameter that sets the maximum number of log entries to return per page. Must be a positive integer no greater than 1000. If omitted, the service’s default page size is applied.

Request Body schema: application/json

event_saved_time_from	string <date-time> Start of the log time range, in RFC 3339 (ISO 8601) format.
event_saved_time_to	string <date-time> End of the log time range, in RFC 3339 (ISO 8601) format.
event_types	Array of strings Filter logs by one or more event types.
project_ids	Array of strings Filter logs by one or more project IDs.
source_types	Array of strings Filter logs by one or more source types.

Responses

Request samples

Payload

Content type

application/json

{"event_saved_time_from": "2025-06-10T13:00:01+00:00",
"event_saved_time_to": "2025-07-10T13:00:01+00:00",
"event_types": ["iam.account.fill",
"iam.account.enforce_grey_network"
],
"project_ids": ["2128277041c64440a1a10cdfc0fe1a5f"
],
"source_types": ["iam",
"billing",
"cloud"
]
}

Response samples

Content type

application/json

{"pagination": {"next_cursor": "eyJpZCI6ImM5OThjNjJkLWRjMjUtNGY0Ny1iZGJiLTNhM2NlZmU2OGVkNiIsImNyZWF0ZWRfYXQiOiIyMDI1LTA2LTI1VDEwOjA1OjE2LjgzNDY1MDk2MloifQ",
"prev_cursor": "eyJpZCI6IjU3ZmRmNWFkLWUwZDMtNDNkNS04ODUxLTIzYjhmMjVjMGQ5NSIsImNyZWF0ZWRfYXQiOiIyMDI1LTA2LTI1VDEwOjA1OjE1LjAyNzk1ODMzN1oifQ",
"count": 1000
},
"data": [{"event_saved_time": "2025-06-19T08:00:13Z",
"event_id": "0c3ba20f-c3db-4ef0-8d48-b9b2bef7c3f1",
"event_type": "iam.user.login",
"event_time": "2025-06-19T07:30:13Z",
"status": "success",
"error_code": "",
"request_id": "910d8e34e368d33a8c2989311ad44dec",
"subject": {"id": "4436561_123",
"type": "employee",
"name": "service",
"auth_provider": "keystone",
"is_authorized": true,
"authorized_by": ["member"
],
"credentials_fingerprint": "5ec914e26d9567b07cdd815c1d353cbc"
},
"resource": {"id": "4436532",
"type": "iam.user",
"name": "314014",
"account_id": "4436532",
"project_id": "2128277041c64440a1a10cdfc0fe1a5f",
"location": "ru-1",
"old_values": {"name": "old_name"
},
"new_values": {"name": "new_name"
}
},
"source_type": "string",
"request": {"remote_address": "108.171.39.255",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
"type": "http",
"path": "/v1/test",
"method": "POST",
"parameters": "?test=query"
},
"schema_version": "1.0.0"
}
]
}