curl --request GET \
--url https://app.trelica.com/api/audit/v1/logs{
"next": "https://acme.example.com/api/audit/v1/logs?after=eyJpZCI6NTQyMTR9&limit=100",
"results": [
{
"id": 54214,
"published": "2020-12-22T09:09:01Z",
"eventType": "employee_login_success",
"client": {
"ipAddress": "142.214.38.15"
},
"target": [
{
"id": "2dad1a642e744168c26b981ebfc1383f",
"type": "User",
"displayName": "John Doe",
"alternateId": "john.doe@example.com"
}
],
"details": {
"method": "password"
}
}
]
}List audit log events
Returns audit log events for your organization, oldest first.
The audit log is a continuous, append-only stream. Pagination is cursor-based but differs
from the rest of the SaaS Manager API: the response’s next field (and the link response
header, rel="next") always returns a cursor URL — even on the last page — so you can keep
following it to receive new events as they are written. Page until no further results are
returned, then poll the same next URL periodically to pick up new events.
Narrow results with since/until (a time window — by default the last 7 days),
a SCIM-style filter (all operators except [ ]), or a free-text q query (matches the
actor/target name, target email, and exactly matches event ID, event type, target ID and
target type). Use sortOrder=DESCENDING to return newest events first. limit defaults to
100 (maximum 1000).
curl --request GET \
--url https://app.trelica.com/api/audit/v1/logs{
"next": "https://acme.example.com/api/audit/v1/logs?after=eyJpZCI6NTQyMTR9&limit=100",
"results": [
{
"id": 54214,
"published": "2020-12-22T09:09:01Z",
"eventType": "employee_login_success",
"client": {
"ipAddress": "142.214.38.15"
},
"target": [
{
"id": "2dad1a642e744168c26b981ebfc1383f",
"type": "User",
"displayName": "John Doe",
"alternateId": "john.doe@example.com"
}
],
"details": {
"method": "password"
}
}
]
}Query Parameters
A SCIM-style filter expression restricting the items returned. See the Filtering section of the introduction for the operators and syntax; the filterable fields are listed per resource.
Filterable fields
- string:
actor.alternateId,actor.detail,actor.displayName,actor.id,actor.type,client.ipAddress,details,eventType,target.alternateId,target.displayName,target.id,target.type - number:
id,uuid - date:
published
Filter examples
eventType eq "employee_login_success"— Successful login eventseventType sw "integration_"— All integration-related eventsactor.alternateId eq "john.doe@example.com"— Events performed by this usertarget.type eq "CustomerApp"— Events whose target is an applicationclient.ipAddress eq "142.214.38.15"— Events originating from this IP addresspublished ge "2024-01-01"— Events published on or after 1 Jan 2024
Free-text search across the resource's displayable fields.
Only return items modified at or after this ISO-8601 timestamp.
Only return items modified at or before this ISO-8601 timestamp.
Opaque pagination cursor supplied by SaaS Manager via the link response header and the next field.
Maximum number of items to return per page (default 100, maximum 1000).
1 <= x <= 1000Response
OK
A cursor URL for the next page of results. Unlike the rest of the SaaS Manager API (which returns no value once paging is complete), the audit log is an append-only stream: this URL always points at where to resume, so keep following it to receive new events as they are written. The same URL is also returned in the link response header with rel="next".
The audit log events for this page, oldest first (or newest first when sortOrder is DESCENDING).
Show child attributes
Show child attributes
Was this page helpful?