2020-10-26 17:08:22 -04:00
---
2021-01-06 19:10:16 -05:00
stage: Manage
group: Compliance
2020-11-26 01:09:20 -05:00
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-10-26 17:08:22 -04:00
---
2019-11-14 22:06:34 -05:00
# Audit Events API
2021-03-12 19:09:16 -05:00
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/121) in GitLab 12.4.
2021-01-28 07:09:54 -05:00
## Instance Audit Events **(PREMIUM SELF)**
2019-09-26 05:06:04 -04:00
2020-09-07 11:09:04 -04:00
The Audit Events API allows you to retrieve [instance audit events ](../administration/audit_events.md#instance-events ).
2019-09-26 05:06:04 -04:00
2020-03-12 02:09:35 -04:00
To retrieve audit events using the API, you must [authenticate yourself ](README.md#authentication ) as an Administrator.
2019-09-26 05:06:04 -04:00
2019-11-14 22:06:34 -05:00
### Retrieve all instance audit events
2019-09-26 05:06:04 -04:00
2020-02-27 04:09:01 -05:00
```plaintext
2019-09-26 05:06:04 -04:00
GET /audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `created_after` | string | no | Return audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `created_before` | string | no | Return audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `entity_type` | string | no | Return audit events for the given entity type. Valid values are: `User` , `Group` , or `Project` . |
2019-10-29 05:06:10 -04:00
| `entity_id` | integer | no | Return audit events for the given entity ID. Requires `entity_type` attribute to be present. |
2019-09-26 05:06:04 -04:00
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination ](README.md#pagination ).
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/audit_events"
2019-09-26 05:06:04 -04:00
```
Example response:
```json
[
{
"id": 1,
"author_id": 1,
"entity_id": 6,
"entity_type": "Project",
"details": {
"custom_message": "Project archived",
"author_name": "Administrator",
"target_id": "flightjs/flight",
"target_type": "Project",
"target_details": "flightjs/flight",
"ip_address": "127.0.0.1",
"entity_path": "flightjs/flight"
},
"created_at": "2019-08-30T07:00:41.885Z"
},
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"add": "group",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-27T18:36:44.162Z"
},
{
"id": 3,
"author_id": 51,
"entity_id": 51,
"entity_type": "User",
"details": {
"change": "email address",
"from": "hello@flightjs.com",
"to": "maintainer@flightjs.com",
"author_name": "Andreas",
"target_id": 51,
"target_type": "User",
"target_details": "Andreas",
"ip_address": null,
"entity_path": "Andreas"
},
"created_at": "2019-08-22T16:34:25.639Z"
}
]
```
2019-11-14 22:06:34 -05:00
### Retrieve single instance audit event
2019-09-26 05:06:04 -04:00
2020-02-27 04:09:01 -05:00
```plaintext
2019-09-26 05:06:04 -04:00
GET /audit_events/:id
```
2020-03-09 17:07:57 -04:00
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer | yes | The ID of the audit event |
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/audit_events/1"
2019-09-26 05:06:04 -04:00
```
Example response:
```json
{
"id": 1,
"author_id": 1,
"entity_id": 6,
"entity_type": "Project",
"details": {
"custom_message": "Project archived",
"author_name": "Administrator",
"target_id": "flightjs/flight",
"target_type": "Project",
"target_details": "flightjs/flight",
"ip_address": "127.0.0.1",
"entity_path": "flightjs/flight"
},
"created_at": "2019-08-30T07:00:41.885Z"
}
```
2019-11-14 22:06:34 -05:00
2021-02-04 13:09:22 -05:00
## Group Audit Events **(PREMIUM)**
2019-11-14 22:06:34 -05:00
2020-05-21 02:08:25 -04:00
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34078) in GitLab 12.5.
2019-11-14 22:06:34 -05:00
2020-09-07 11:09:04 -04:00
The Group Audit Events API allows you to retrieve [group audit events ](../administration/audit_events.md#group-events ).
2019-11-14 22:06:34 -05:00
2020-12-09 16:09:43 -05:00
A user with a Owner role (or above) can retrieve group audit events of all users.
A user with a Developer or Maintainer role is limited to group audit events based on their individual actions.
2019-11-14 22:06:34 -05:00
### Retrieve all group audit events
2020-02-27 04:09:01 -05:00
```plaintext
2019-11-14 22:06:34 -05:00
GET /groups/:id/audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group ](README.md#namespaced-path-encoding ) |
| `created_after` | string | no | Return group audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `created_before` | string | no | Return group audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination ](README.md#pagination ).
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/groups/60/audit_events"
2019-11-14 22:06:34 -05:00
```
Example response:
```json
[
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"custom_message": "Group marked for deletion",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-28T19:36:44.162Z"
},
{
"id": 1,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"add": "group",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-27T18:36:44.162Z"
}
]
```
### Retrieve a specific group audit event
Only available to group owners and administrators.
2020-02-27 04:09:01 -05:00
```plaintext
2019-11-14 22:06:34 -05:00
GET /groups/:id/audit_events/:audit_event_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group ](README.md#namespaced-path-encoding ) |
2020-03-09 17:07:57 -04:00
| `audit_event_id` | integer | yes | The ID of the audit event |
2019-11-14 22:06:34 -05:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/groups/60/audit_events/2"
2019-11-14 22:06:34 -05:00
```
Example response:
```json
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"custom_message": "Group marked for deletion",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-28T19:36:44.162Z"
}
```
2020-06-03 20:08:17 -04:00
2021-02-04 13:09:22 -05:00
## Project Audit Events **(PREMIUM)**
2020-06-03 20:08:17 -04:00
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/219238) in GitLab 13.1.
2020-09-07 11:09:04 -04:00
The Project Audit Events API allows you to retrieve [project audit events ](../administration/audit_events.md#project-events ).
2020-06-03 20:08:17 -04:00
2020-12-09 16:09:43 -05:00
A user with a Maintainer role (or above) can retrieve project audit events of all users.
A user with a Developer role is limited to project audit events based on their individual actions.
2020-06-03 20:08:17 -04:00
### Retrieve all project audit events
```plaintext
GET /projects/:id/audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](README.md#namespaced-path-encoding ) |
| `created_after` | string | no | Return project audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `created_before` | string | no | Return project audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination ](README.md#pagination ).
```shell
2020-12-08 04:09:41 -05:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/projects/7/audit_events"
2020-06-03 20:08:17 -04:00
```
Example response:
```json
[
{
"id": 5,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
"change": "prevent merge request approval from reviewers",
"from": "",
"to": "true",
"author_name": "Administrator",
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.230Z"
},
{
"id": 4,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
"change": "prevent merge request approval from authors",
"from": "false",
"to": "true",
"author_name": "Administrator",
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.218Z"
}
]
```
### Retrieve a specific project audit event
Only available to project maintainers or owners.
```plaintext
GET /projects/:id/audit_events/:audit_event_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](README.md#namespaced-path-encoding ) |
| `audit_event_id` | integer | yes | The ID of the audit event |
```shell
2020-12-08 04:09:41 -05:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/projects/7/audit_events/5"
2020-06-03 20:08:17 -04:00
```
Example response:
```json
{
"id": 5,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
"change": "prevent merge request approval from reviewers",
"from": "",
"to": "true",
"author_name": "Administrator",
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.230Z"
}
```
