gitlab-org--gitlab-foss/doc/api/audit_events.md

# Audit Events API

## Instance Audit Events **(PREMIUM ONLY)**

The Audit Events API allows you to retrieve [instance audit events](../administration/audit_events.md#instance-events-premium-only).

To retrieve audit events using the API, you must [authenticate yourself](README.md#authentication) as an Administrator.

### Retrieve all instance audit events

```plaintext
GET /audit_events
```

| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `created_after` | string | no | Return audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ  |
| `created_before` | string | no | Return audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `entity_type` | string | no | Return audit events for the given entity type. Valid values are: `User`, `Group`, or `Project`.  |
| `entity_id` | integer | no | Return audit events for the given entity ID. Requires `entity_type` attribute to be present. |

By default, `GET` requests return 20 results at a time because the API results
are paginated.

Read more on [pagination](README.md#pagination).

```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/audit_events
```

Example response:

```json
[
  {
    "id": 1,
    "author_id": 1,
    "entity_id": 6,
    "entity_type": "Project",
    "details": {
      "custom_message": "Project archived",
      "author_name": "Administrator",
      "target_id": "flightjs/flight",
      "target_type": "Project",
      "target_details": "flightjs/flight",
      "ip_address": "127.0.0.1",
      "entity_path": "flightjs/flight"
    },
    "created_at": "2019-08-30T07:00:41.885Z"
  },
  {
    "id": 2,
    "author_id": 1,
    "entity_id": 60,
    "entity_type": "Group",
    "details": {
      "add": "group",
      "author_name": "Administrator",
      "target_id": "flightjs",
      "target_type": "Group",
      "target_details": "flightjs",
      "ip_address": "127.0.0.1",
      "entity_path": "flightjs"
    },
    "created_at": "2019-08-27T18:36:44.162Z"
  },
  {
    "id": 3,
    "author_id": 51,
    "entity_id": 51,
    "entity_type": "User",
    "details": {
      "change": "email address",
      "from": "hello@flightjs.com",
      "to": "maintainer@flightjs.com",
      "author_name": "Andreas",
      "target_id": 51,
      "target_type": "User",
      "target_details": "Andreas",
      "ip_address": null,
      "entity_path": "Andreas"
    },
    "created_at": "2019-08-22T16:34:25.639Z"
  }
]
```

### Retrieve single instance audit event

```plaintext
GET /audit_events/:id
```

| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer | yes | The ID of the audit event |

```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/audit_events/1
```

Example response:

```json
{
  "id": 1,
  "author_id": 1,
  "entity_id": 6,
  "entity_type": "Project",
  "details": {
    "custom_message": "Project archived",
    "author_name": "Administrator",
    "target_id": "flightjs/flight",
    "target_type": "Project",
    "target_details": "flightjs/flight",
    "ip_address": "127.0.0.1",
    "entity_path": "flightjs/flight"
  },
  "created_at": "2019-08-30T07:00:41.885Z"
}
```

## Group Audit Events **(STARTER)**

> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/34078) in GitLab 12.5.

The Group Audit Events API allows you to retrieve [group audit events](../administration/audit_events.md#group-events-starter).

To retrieve group audit events using the API, you must [authenticate yourself](README.md#authentication) as an Administrator or an owner of the group.

### Retrieve all group audit events

```plaintext
GET /groups/:id/audit_events
```

| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
| `created_after` | string | no | Return group audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ  |
| `created_before` | string | no | Return group audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |

By default, `GET` requests return 20 results at a time because the API results
are paginated.

Read more on [pagination](README.md#pagination).

```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/groups/60/audit_events
```

Example response:

```json
[
  {
    "id": 2,
    "author_id": 1,
    "entity_id": 60,
    "entity_type": "Group",
    "details": {
      "custom_message": "Group marked for deletion",
      "author_name": "Administrator",
      "target_id": "flightjs",
      "target_type": "Group",
      "target_details": "flightjs",
      "ip_address": "127.0.0.1",
      "entity_path": "flightjs"
    },
    "created_at": "2019-08-28T19:36:44.162Z"
  },
  {
    "id": 1,
    "author_id": 1,
    "entity_id": 60,
    "entity_type": "Group",
    "details": {
      "add": "group",
      "author_name": "Administrator",
      "target_id": "flightjs",
      "target_type": "Group",
      "target_details": "flightjs",
      "ip_address": "127.0.0.1",
      "entity_path": "flightjs"
    },
    "created_at": "2019-08-27T18:36:44.162Z"
  }
]
```

### Retrieve a specific group audit event

Only available to group owners and administrators.

```plaintext
GET /groups/:id/audit_events/:audit_event_id
```

| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
| `audit_event_id` | integer | yes | The ID of the audit event |

```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/groups/60/audit_events/2
```

Example response:

```json
{
  "id": 2,
  "author_id": 1,
  "entity_id": 60,
  "entity_type": "Group",
  "details": {
    "custom_message": "Group marked for deletion",
    "author_name": "Administrator",
    "target_id": "flightjs",
    "target_type": "Group",
    "target_details": "flightjs",
    "ip_address": "127.0.0.1",
    "entity_path": "flightjs"
  },
  "created_at": "2019-08-28T19:36:44.162Z"
}
```
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00			`# Audit Events API`

			`## Instance Audit Events (PREMIUM ONLY)`
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00
			`The Audit Events API allows you to retrieve [instance audit events](../administration/audit_events.md#instance-events-premium-only).`

Add latest changes from gitlab-org/gitlab@master 2020-03-12 02:09:35 -04:00			`To retrieve audit events using the API, you must [authenticate yourself](README.md#authentication) as an Administrator.`
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00			`### Retrieve all instance audit events`
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 04:09:01 -05:00			```plaintext
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00			`GET /audit_events`
			```

			`\| Attribute \| Type \| Required \| Description \|`
			`\| --------- \| ---- \| -------- \| ----------- \|`
			\| `created_after` \| string \| no \| Return audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ \|
			\| `created_before` \| string \| no \| Return audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ \|
			\| `entity_type` \| string \| no \| Return audit events for the given entity type. Valid values are: `User`, `Group`, or `Project`. \|
Add latest changes from gitlab-org/gitlab@master 2019-10-29 05:06:10 -04:00			\| `entity_id` \| integer \| no \| Return audit events for the given entity ID. Requires `entity_type` attribute to be present. \|
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00
			By default, `GET` requests return 20 results at a time because the API results
			`are paginated.`

			`Read more on [pagination](README.md#pagination).`

Add latest changes from gitlab-org/gitlab@master 2020-01-30 10:09:15 -05:00			```shell
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00			`curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/audit_events`
			```

			`Example response:`

			```json
			`[`
			`{`
			`"id": 1,`
			`"author_id": 1,`
			`"entity_id": 6,`
			`"entity_type": "Project",`
			`"details": {`
			`"custom_message": "Project archived",`
			`"author_name": "Administrator",`
			`"target_id": "flightjs/flight",`
			`"target_type": "Project",`
			`"target_details": "flightjs/flight",`
			`"ip_address": "127.0.0.1",`
			`"entity_path": "flightjs/flight"`
			`},`
			`"created_at": "2019-08-30T07:00:41.885Z"`
			`},`
			`{`
			`"id": 2,`
			`"author_id": 1,`
			`"entity_id": 60,`
			`"entity_type": "Group",`
			`"details": {`
			`"add": "group",`
			`"author_name": "Administrator",`
			`"target_id": "flightjs",`
			`"target_type": "Group",`
			`"target_details": "flightjs",`
			`"ip_address": "127.0.0.1",`
			`"entity_path": "flightjs"`
			`},`
			`"created_at": "2019-08-27T18:36:44.162Z"`
			`},`
			`{`
			`"id": 3,`
			`"author_id": 51,`
			`"entity_id": 51,`
			`"entity_type": "User",`
			`"details": {`
			`"change": "email address",`
			`"from": "hello@flightjs.com",`
			`"to": "maintainer@flightjs.com",`
			`"author_name": "Andreas",`
			`"target_id": 51,`
			`"target_type": "User",`
			`"target_details": "Andreas",`
			`"ip_address": null,`
			`"entity_path": "Andreas"`
			`},`
			`"created_at": "2019-08-22T16:34:25.639Z"`
			`}`
			`]`
			```

Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00			`### Retrieve single instance audit event`
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 04:09:01 -05:00			```plaintext
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00			`GET /audit_events/:id`
			```

Add latest changes from gitlab-org/gitlab@master 2020-03-09 17:07:57 -04:00			`\| Attribute \| Type \| Required \| Description \|`
			`\| --------- \| ---- \| -------- \| ----------- \|`
			\| `id` \| integer \| yes \| The ID of the audit event \|

Add latest changes from gitlab-org/gitlab@master 2020-01-30 10:09:15 -05:00			```shell
Add latest changes from gitlab-org/gitlab@master 2019-09-26 05:06:04 -04:00			`curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/audit_events/1`
			```

			`Example response:`

			```json
			`{`
			`"id": 1,`
			`"author_id": 1,`
			`"entity_id": 6,`
			`"entity_type": "Project",`
			`"details": {`
			`"custom_message": "Project archived",`
			`"author_name": "Administrator",`
			`"target_id": "flightjs/flight",`
			`"target_type": "Project",`
			`"target_details": "flightjs/flight",`
			`"ip_address": "127.0.0.1",`
			`"entity_path": "flightjs/flight"`
			`},`
			`"created_at": "2019-08-30T07:00:41.885Z"`
			`}`
			```
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00
			`## Group Audit Events (STARTER)`

			`> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/34078) in GitLab 12.5.`

Add latest changes from gitlab-org/gitlab@master 2020-01-24 04:08:32 -05:00			`The Group Audit Events API allows you to retrieve [group audit events](../administration/audit_events.md#group-events-starter).`
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-03-12 02:09:35 -04:00			`To retrieve group audit events using the API, you must [authenticate yourself](README.md#authentication) as an Administrator or an owner of the group.`
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00
			`### Retrieve all group audit events`

Add latest changes from gitlab-org/gitlab@master 2020-02-27 04:09:01 -05:00			```plaintext
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00			`GET /groups/:id/audit_events`
			```

			`\| Attribute \| Type \| Required \| Description \|`
			`\| --------- \| ---- \| -------- \| ----------- \|`
			\| `id` \| integer/string \| yes \| The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) \|
			\| `created_after` \| string \| no \| Return group audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ \|
			\| `created_before` \| string \| no \| Return group audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ \|

			By default, `GET` requests return 20 results at a time because the API results
			`are paginated.`

			`Read more on [pagination](README.md#pagination).`

Add latest changes from gitlab-org/gitlab@master 2020-01-30 10:09:15 -05:00			```shell
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00			`curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/groups/60/audit_events`
			```

			`Example response:`

			```json
			`[`
			`{`
			`"id": 2,`
			`"author_id": 1,`
			`"entity_id": 60,`
			`"entity_type": "Group",`
			`"details": {`
			`"custom_message": "Group marked for deletion",`
			`"author_name": "Administrator",`
			`"target_id": "flightjs",`
			`"target_type": "Group",`
			`"target_details": "flightjs",`
			`"ip_address": "127.0.0.1",`
			`"entity_path": "flightjs"`
			`},`
			`"created_at": "2019-08-28T19:36:44.162Z"`
			`},`
			`{`
			`"id": 1,`
			`"author_id": 1,`
			`"entity_id": 60,`
			`"entity_type": "Group",`
			`"details": {`
			`"add": "group",`
			`"author_name": "Administrator",`
			`"target_id": "flightjs",`
			`"target_type": "Group",`
			`"target_details": "flightjs",`
			`"ip_address": "127.0.0.1",`
			`"entity_path": "flightjs"`
			`},`
			`"created_at": "2019-08-27T18:36:44.162Z"`
			`}`
			`]`
			```

			`### Retrieve a specific group audit event`

			`Only available to group owners and administrators.`

Add latest changes from gitlab-org/gitlab@master 2020-02-27 04:09:01 -05:00			```plaintext
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00			`GET /groups/:id/audit_events/:audit_event_id`
			```

			`\| Attribute \| Type \| Required \| Description \|`
			`\| --------- \| ---- \| -------- \| ----------- \|`
			\| `id` \| integer/string \| yes \| The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) \|
Add latest changes from gitlab-org/gitlab@master 2020-03-09 17:07:57 -04:00			\| `audit_event_id` \| integer \| yes \| The ID of the audit event \|
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-01-30 10:09:15 -05:00			```shell
Add latest changes from gitlab-org/gitlab@master 2019-11-14 22:06:34 -05:00			`curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/groups/60/audit_events/2`
			```

			`Example response:`

			```json
			`{`
			`"id": 2,`
			`"author_id": 1,`
			`"entity_id": 60,`
			`"entity_type": "Group",`
			`"details": {`
			`"custom_message": "Group marked for deletion",`
			`"author_name": "Administrator",`
			`"target_id": "flightjs",`
			`"target_type": "Group",`
			`"target_details": "flightjs",`
			`"ip_address": "127.0.0.1",`
			`"entity_path": "flightjs"`
			`},`
			`"created_at": "2019-08-28T19:36:44.162Z"`
			`}`
			```