Get audit events

Retrieve the audit logs for your organization. The APIs differ depending on the logging experience.

Unified logs experience

The unified logs experience uses these API endpoints and provides two scopes:

Organization-level: /orgaudit_/
Tenant-level: /tenantaudit_/

These APIs return audit information across UiPath services onboarded to the unified framework.

API Endpoint

For retrieving audit logs in the unified logging experience, you can use two different endpoints:

Metadata: Retrieves all available audit event types, structured as a hierarchy of sources, categories, and activities.

Scope API Endpoint
Organization level GET {accessURL}/{org-name}/orgaudit_/api/query/sources

Scope	API Endpoint
Organization level	`GET` `{accessURL}/{org-name}/orgaudit_/api/query/sources`

Replace {accessURL} in all endpoint paths with the base URL for your cloud platform:

Cloud platform	Access URL
Test Cloud	`https://cloud.uipath.com/`
Test Cloud Public Sector	`https://govcloud.uipath.us/`
Test Cloud Dedicated	`https://{customURL}.dedicated.uipath.com/`
Tenant level	`GET` `{accessURL}/{org-name}/{tenant-name}/tenantaudit_/api/query/sources`

Replace {accessURL} in all endpoint paths with the base URL for your cloud platform:

Cloud platform	Access URL
Test Cloud	`https://cloud.uipath.com/`
Test Cloud Public Sector	`https://govcloud.uipath.us/`
Test Cloud Dedicated	`https://{customURL}.dedicated.uipath.com/`

Query events: Retrieves audit events for the specified scope, with advanced filtering.

Scope API Endpoint
Organization level GET {accessURL}/{org-name}/orgaudit_/api/query/events

Scope	API Endpoint
Organization level	`GET` `{accessURL}/{org-name}/orgaudit_/api/query/events`

Replace {accessURL} in all endpoint paths with the base URL for your cloud platform:

Cloud platform	Access URL
Test Cloud	`https://cloud.uipath.com/`
Test Cloud Public Sector	`https://govcloud.uipath.us/`
Test Cloud Dedicated	`https://{customURL}.dedicated.uipath.com/`
Tenant level	GET``https://cloud.uipath.com/{org-name}/{tenant-name}/tenantaudit_/api/query/events

Scopes

Requires one of the following scopes:

PM.Audit
PM.Audit.Read

Request headers

--header 'Authorization: Bearer {access_token}'
--header 'Content-Type: application/json'

Query parameters

Parameter	Data type	Description
`from` (optional)	DateTime	Start of time interval.
`to` (optional)	DateTime	End of time interval.
`source` (optional)	Array [String]	List of event sources (as returned by the Metadata API).
`target` (optional)	Array [String]	List of event categories.
`type` (optional)	Array [String]	List of activity types.
`userIds` (optional)	Array [String]	List of user identifiers.
`searchTerm` (optional)	String	Keyword or term to search for.
`status` (optional)	Integer	0 = succeeded 1 = failed.
`maxCount` (optional)	Integer	Maximum number of records to return.

Responses

200 OK

Returns a JSON object with:

List of audit events
next link for pagination showing newer events
previous link for pagination showing older events

Example response

{
  "auditEvents": [
    {
      "id": "string",
      "createdOn": "2025-03-24T18:35:38.122Z",
      "organizationId": "string",
      "organizationName": "string",
      "tenantId": "string",
      "tenantName": "string",
      "actorId": "string",
      "actorName": "string",
      "actorEmail": "string",
      "eventType": "string",
      "eventSource": "string",
      "eventTarget": "string",
      "eventDetails": "string",
      "eventSummary": "string",
      "status": 0,
      "clientInfo": {
        "ipAddress": "string",
        "ipCountry": "string"
      }
    }
  ],
  "next": "string",
  "previous": "string"
}

Example requests

Organization level

curl --location 'https://cloud.uipath.com/{org-name}/orgaudit_/api/query/events?status=0&from=2024-12-24T19%3A11%3A46.403Z&to=2025-03-24T19%3A11%3A46.403Z' \
--header 'Authorization: Bearer {token}'

Tenant level

curl --location 'https://cloud.uipath.com/{org-name}/{tenant-name}/tenantaudit_/api/query/events?status=0&from=2024-12-24T19%3A11%3A46.403Z&to=2025-03-24T19%3A11%3A46.403Z' \
--header 'Authorization: Bearer {token}'

Classic logs experience

Retrieves audit logs for an organization based on its name.

API Endpoint

GET {accessURL}/audit_/api/auditlogs/partitionGlobalId

Replace {accessURL} in all endpoint paths with the base URL for your cloud platform:

Cloud platform	Access URL
Test Cloud	`https://cloud.uipath.com/`
Test Cloud Public Sector	`https://govcloud.uipath.us/`
Test Cloud Dedicated	`https://{customURL}.dedicated.uipath.com/`

Scopes

Requires one of the following scopes:

PM.Audit
PM.Audit.Read

Request Headers

--header 'Authorization: Bearer {access_token}'\
--header 'Content-Type: application/json'

Query Parameters

Query param	Data type	Description
`language` (optional)	string	Specify the available display language, in the shorten form. For example, `en`, `fr`, `de`, `ja` etc.
`top` (optional)	int32	Display the top N entries of the audit.
`skip` (optional)	int32	Skip the top N audit entries from displaying.
`sortBy` (optional)	string	Specify the DTO property used to sort audit entries by. For example, `createdOn`, `category`, `email`, etc.
`sortOrder` (optional)	string	Specify the sorting order. For example, ascending (`asc`) or descending (`desc`).
`api-version` (optional)	string	Specify the API version you are using.

Responses

200 OK

Returns the queried audit events.

Example Request

Let's say you gathered all the information needed to build the API call.

Your {baseURL} is: https://cloud.uipath.com/{organizationName}
Your {access_token} is: 1234 (for length considerations).
You set the following query params:
- language = en
- top = 2, to display the top two entries
- skip = 2, to skip the first two entries
- sortBy = createdOn, to sort the entries by their creation time
- sortOrder = asc, to sort the entries from the earliest entry to the latest one

The call should resemble the following example (cURL):

curl --location --request GET ' https://cloud.uipath.com/{organizationName}/audit_/api/auditlogs?language=en&top=2&skip=2&sortBy=createdOn&sortOrder=asc' \
--header 'Authorization: Bearer 1234' \
--header 'Content-Type: application/json'

Here's the response body for a successful audit entries retrieval:

{
    "totalCount": 29,
    "results": [
        {
            "createdOn": "2021-10-14T13:10:15.1964174+00:00",
            "category": "User",
            "action": "Login",
            "auditLogDetails": "{\r\n \"userName\": \"System Administrator admin\",\r\n \"email\": \"\"\r\n}", 
            "userName": "System Administrator",
            "email": "",
            "message": "User 'System Administrator admin' logged in",
            "detailsVersion": "1.0",
            "source": "Cis"
        },
....
        {
            "createdOn": "2021-10-14T12:41:00.3268964+00:00",
            "category": "User",
            "action": "Login",
            "auditLogDetails": "{\r\n \"userName\": \"System Administrator admin\",\r\n \"email\": \"\"\r\n}", 
            "userName": "System Administrator",
            "email": "",
            "message": "User 'System Administrator admin' logged in",
            "detailsVersion": "1.0",
            "source": "Cis"
        }
    ]
}

Unified logs experience​

API Endpoint​

Scopes​

Request headers​

Query parameters​

Responses​

200 OK​

Example response​

Example requests​

Classic logs experience​

API Endpoint​

Scopes​

Request Headers​

Query Parameters​

Responses​

200 OK​

Example Request​

Unified logs experience

API Endpoint

Scopes

Request headers

Query parameters

Responses

200 OK

Example response

Example requests

Classic logs experience

API Endpoint

Scopes

Request Headers

Query Parameters

Responses

200 OK

Example Request