Get audit events
Retrieve the audit logs for your organization. The APIs differ depending on the logging experience.
Unified logs experience
The unified logs experience uses these API endpoints and provides two scopes:
- Organization-level:
/orgaudit_/ - Tenant-level:
/tenantaudit_/
These APIs return audit information across UiPath services onboarded to the unified framework.
API Endpoint
For retrieving audit logs in the unified logging experience, you can use two different endpoints:
-
Metadata: Retrieves all available audit event types, structured as a hierarchy of sources, categories, and activities.
Scope API Endpoint Organization level GEThttps://{yourDomain}/{org-name}/orgaudit_/api/query/sourcesTenant level GEThttps://{yourDomain}/{org-name}/{tenant-name}/tenantaudit_/api/query/sources -
Query events: Retrieves audit events for the specified scope, with advanced filtering.
Scope API Endpoint Organization level GEThttps://{yourDomain}/{org-name}/orgaudit_/api/query/eventsTenant level GET``https://{yourDomain}/{org-name}/{tenant-name}/tenantaudit_/api/query/events
Scopes
Requires one of the following scopes:
- PM.Audit
- PM.Audit.Read
Request headers
--header 'Authorization: Bearer {access_token}'
--header 'Content-Type: application/json'
Query parameters
| Parameter | Data type | Description |
|---|---|---|
from (optional) |
DateTime | Start of time interval. |
to (optional) |
DateTime | End of time interval. |
source (optional) |
Array [String] | List of event sources (as returned by the Metadata API). |
target (optional) |
Array [String] | List of event categories. |
type (optional) |
Array [String] | List of activity types. |
userIds (optional) |
Array [String] | List of user identifiers. |
searchTerm (optional) |
String | Keyword or term to search for. |
status (optional) |
Integer |
|
maxCount (optional) |
Integer | Maximum number of records to return. |
Responses
200 OK
Returns a JSON object with:
- List of audit events
nextlink for pagination showing newer eventspreviouslink for pagination showing older events
Example response
{
"auditEvents": [
{
"id": "string",
"createdOn": "2025-03-24T18:35:38.122Z",
"organizationId": "string",
"organizationName": "string",
"tenantId": "string",
"tenantName": "string",
"actorId": "string",
"actorName": "string",
"actorEmail": "string",
"eventType": "string",
"eventSource": "string",
"eventTarget": "string",
"eventDetails": "string",
"eventSummary": "string",
"status": 0,
"clientInfo": {
"ipAddress": "string",
"ipCountry": "string"
}
}
],
"next": "string",
"previous": "string"
}
Example requests
- Organization level
curl --location 'https://cloud.uipath.com/{org-name}/orgaudit_/api/query/events?status=0&from=2024-12-24T19%3A11%3A46.403Z&to=2025-03-24T19%3A11%3A46.403Z' \
--header 'Authorization: Bearer {token}' - Tenant level
curl --location 'https://cloud.uipath.com/{org-name}/{tenant-name}/tenantaudit_/api/query/events?status=0&from=2024-12-24T19%3A11%3A46.403Z&to=2025-03-24T19%3A11%3A46.403Z' \
--header 'Authorization: Bearer {token}'
Classic logs experience
Retrieves audit logs for an organization based on its name.
API Endpoint
GET https://{yourDomain}/{organizationName}/audit_/api/auditlogs/partitionGlobalId
Scopes
Requires one of the following scopes:
- PM.Audit
- PM.Audit.Read
Request Headers
--header 'Authorization: Bearer {access_token}'\
--header 'Content-Type: application/json'
Query Parameters
| Query param | Data type | Description |
|---|---|---|
language (optional) | string | Specify the available display language, in the shorten form. For example, en, fr, de, ja etc. |
top (optional) | int32 | Display the top N entries of the audit. |
skip (optional) | int32 | Skip the top N audit entries from displaying. |
sortBy (optional) | string | Specify the DTO property used to sort audit entries by. For example, createdOn, category, email, etc. |
sortOrder (optional) | string | Specify the sorting order. For example, ascending (asc) or descending (desc). |
api-version (optional) | string | Specify the API version you are using. |
Responses
200 OK
Returns the queried audit events.
Example Request
Let's say you gathered all the information needed to build the API call.
- Your
{baseURL}is:https://{yourDomain}/{organizationName} - Your
{access_token}is:1234(for length considerations). - You set the following query params:
language=entop= 2, to display the top two entriesskip= 2, to skip the first two entriessortBy=createdOn, to sort the entries by their creation timesortOrder=asc, to sort the entries from the earliest entry to the latest one
The call should resemble the following example (cURL):
curl --location --request GET ' https://{yourDomain}/{organizationName}/audit_/api/auditlogs?language=en&top=2&skip=2&sortBy=createdOn&sortOrder=asc' \
--header 'Authorization: Bearer 1234' \
--header 'Content-Type: application/json'
Here's the response body for a successful audit entries retrieval:
{
"totalCount": 29,
"results": [
{
"createdOn": "2021-10-14T13:10:15.1964174+00:00",
"category": "User",
"action": "Login",
"auditLogDetails": "{\r\n \"userName\": \"System Administrator admin\",\r\n \"email\": \"\"\r\n}",
"userName": "System Administrator",
"email": "",
"message": "User 'System Administrator admin' logged in",
"detailsVersion": "1.0",
"source": "Cis"
},
....
{
"createdOn": "2021-10-14T12:41:00.3268964+00:00",
"category": "User",
"action": "Login",
"auditLogDetails": "{\r\n \"userName\": \"System Administrator admin\",\r\n \"email\": \"\"\r\n}",
"userName": "System Administrator",
"email": "",
"message": "User 'System Administrator admin' logged in",
"detailsVersion": "1.0",
"source": "Cis"
}
]
}