> ## Documentation Index
> Fetch the complete documentation index at: https://www.1password.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieves audit events for actions performed by team members within a 1Password account

> This endpoint requires your JSON Web Token to have the *auditevents* feature.



## OpenAPI

````yaml /openapi/events_api.yaml post /api/v2/auditevents
openapi: 3.0.0
info:
  title: Events API
  description: 1Password Events API Specification.
  version: 1.4.1
servers:
  - url: https://events.1password.com
    description: 1Password
  - url: https://events.1password.ca
    description: 1Password CA
  - url: https://events.1password.eu
    description: 1Password EU
  - url: https://events.ent.1password.com
    description: 1Password Enterprise
security: []
paths:
  /api/v2/auditevents:
    post:
      tags:
        - api-v2
      summary: >-
        Retrieves audit events for actions performed by team members within a
        1Password account
      description: >-
        This endpoint requires your JSON Web Token to have the *auditevents*
        feature.
      operationId: getAuditEventsV2
      requestBody:
        $ref: '#/components/requestBodies/AuditEventsRequest'
      responses:
        '200':
          $ref: '#/components/responses/AuditEventsV2Response'
        '401':
          $ref: '#/components/responses/UnauthorizedErrorResponse'
        '500':
          $ref: '#/components/responses/InternalServerErrorResponse'
        default:
          $ref: '#/components/responses/GenericErrorResponse'
      security:
        - jwtsa: []
components:
  requestBodies:
    AuditEventsRequest:
      $ref: '#/components/requestBodies/CursorRequest'
    CursorRequest:
      content:
        application/json:
          schema:
            oneOf:
              - $ref: '#/components/schemas/Cursor'
              - $ref: '#/components/schemas/ResetCursor'
          examples:
            Continuing cursor:
              $ref: '#/components/examples/Cursor'
            Resetting cursor:
              $ref: '#/components/examples/ResetCursor'
  responses:
    AuditEventsV2Response:
      description: Audit events response object
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/AuditEventItemsV2'
    UnauthorizedErrorResponse:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalServerErrorResponse:
      description: Internal Server Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    GenericErrorResponse:
      description: Generic error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    AuditEventItemsV2:
      description: An object wrapping cursor properties and a list of audit events
      allOf:
        - properties:
            items:
              type: array
              items:
                $ref: '#/components/schemas/AuditEventV2'
        - $ref: '#/components/schemas/CursorCollection'
    Error:
      type: object
      properties:
        Error:
          type: object
          properties:
            Message:
              type: string
              description: The error message.
    Cursor:
      description: Cursor
      properties:
        cursor:
          description: >-
            Cursor to fetch more data if available or continue the polling
            process if required
          type: string
          example: aGVsbG8hIGlzIGl0IG1lIHlvdSBhcmUgbG9va2luZyBmb3IK
    ResetCursor:
      description: Reset cursor
      properties:
        limit:
          type: number
          minimum: 1
          maximum: 1000
        start_time:
          $ref: '#/components/schemas/DateTimeRFC3339'
        end_time:
          $ref: '#/components/schemas/DateTimeRFC3339'
    AuditEventV2:
      description: A single audit event object
      properties:
        uuid:
          $ref: '#/components/schemas/UUID'
        timestamp:
          $ref: '#/components/schemas/DateTimeRFC3339'
        actor_uuid:
          $ref: '#/components/schemas/UUID'
        actor_details:
          $ref: '#/components/schemas/User'
        actor_type:
          $ref: '#/components/schemas/AuditEventActorTypes'
        actor_account_uuid:
          $ref: '#/components/schemas/UUID'
        account_uuid:
          $ref: '#/components/schemas/UUID'
        action:
          $ref: '#/components/schemas/AuditEventActions'
        object_type:
          $ref: '#/components/schemas/AuditEventObjectTypes'
        object_uuid:
          $ref: '#/components/schemas/UUID'
        object_details:
          $ref: '#/components/schemas/User'
        aux_id:
          type: integer
        aux_uuid:
          $ref: '#/components/schemas/UUID'
        aux_details:
          $ref: '#/components/schemas/User'
        aux_info:
          type: string
        session:
          $ref: '#/components/schemas/Session'
        location:
          $ref: '#/components/schemas/Location'
    CursorCollection:
      description: Common cursor properties for collection responses
      allOf:
        - $ref: '#/components/schemas/Cursor'
        - properties:
            has_more:
              description: >-
                Whether there may still be more data to fetch using the returned
                cursor. If true, the subsequent request could still be empty.
              type: boolean
    DateTimeRFC3339:
      type: string
      format: date-time
      example: '2020-06-11T16:32:50-03:00'
    UUID:
      type: string
      example: 56YE2TYN2VFYRLNSHKPW5NVT5E
    User:
      description: User object
      properties:
        uuid:
          $ref: '#/components/schemas/UUID'
        name:
          description: Full name
          type: string
          example: Jack O'Neill
        email:
          type: string
          format: email
    AuditEventActorTypes:
      type: string
      enum:
        - user
        - external_user
    AuditEventActions:
      type: string
      enum:
        - activate
        - update
        - delete
        - convert
        - enblduo
        - updatduo
        - disblduo
        - rdmchild
        - detchild
        - dlgsess
        - create
        - deolddev
        - dealldev
        - reauth
        - begin
        - complete
        - propose
        - updatfw
        - join
        - leave
        - role
        - purge
        - view
        - export
        - replace
        - grant
        - revoke
        - share
        - delshare
        - uisas
        - enblmfa
        - updatmfa
        - disblmfa
        - musercom
        - muserdec
        - sendpkg
        - resendts
        - prsndall
        - trename
        - tverify
        - trevoke
        - ssotknv
        - enblsso
        - disblsso
        - chngpsso
        - chngasso
        - chngdsso
        - delgsso
        - addgsso
        - cancel
        - hide
        - unhide
        - upguest
        - verify
        - reactive
        - suspend
        - beginr
        - provsn
        - sendts
        - unknown
        - completr
        - cancelr
        - trvlaway
        - trvlback
        - changeks
        - changemp
        - changesk
        - changenm
        - changela
        - tdvcsso
        - sdvcsso
        - patch
        - updatea
        - vrfydmn
        - uvrfydmn
        - dvrfydmn
        - expire
        - launchi
        - unlink
    AuditEventObjectTypes:
      type: string
      enum:
        - account
        - user
        - device
        - group
        - gm
        - vault
        - item
        - items
        - itemhist
        - vaultkey
        - template
        - uva
        - gva
        - invite
        - ec
        - miguser
        - sso
        - sub
        - card
        - pm
        - slackapp
        - file
        - famchild
        - sa
        - satoken
        - dlgdsess
        - ssotkn
        - report
        - cred
        - mngdacc
    Session:
      description: Session information gathered about the client
      properties:
        uuid:
          $ref: '#/components/schemas/UUID'
        login_time:
          $ref: '#/components/schemas/DateTimeRFC3339'
        device_uuid:
          $ref: '#/components/schemas/UUID'
        ip:
          type: string
          example: 13.227.95.22
    Location:
      description: Geolocation Info about the client
      properties:
        country:
          type: string
          example: CA
        region:
          type: string
          example: Ontario
        city:
          type: string
          example: Toronto
        longitude:
          type: number
          example: 43.64
        latitude:
          type: number
          example: -79.433
  examples:
    Cursor:
      summary: Used for continued calling with a cursor
      value:
        cursor: aGVsbG8hIGlzIGl0IG1lIHlvdSBhcmUgbG9va2luZyBmb3IK
    ResetCursor:
      summary: Used for reseting the cursor
      value:
        limit: 100
        start_time: '2021-06-11T16:32:50-03:00'
  securitySchemes:
    jwtsa:
      type: http
      description: A JWT SA token issued to this service
      scheme: bearer
      bearerFormat: JWT-SA

````