2021-01-29 00:20:46 +05:30
---
2021-03-08 18:12:59 +05:30
stage: Manage
group: Compliance
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2021-01-29 00:20:46 +05:30
---
2019-12-26 22:10:19 +05:30
# Audit Events API
2021-04-17 20:07:23 +05:30
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/121) in GitLab 12.4.
2021-03-11 19:13:27 +05:30
## Instance Audit Events **(PREMIUM SELF)**
2019-12-21 20:55:43 +05:30
2020-11-24 15:15:51 +05:30
The Audit Events API allows you to retrieve [instance audit events ](../administration/audit_events.md#instance-events ).
2019-12-21 20:55:43 +05:30
2020-04-08 14:13:33 +05:30
To retrieve audit events using the API, you must [authenticate yourself ](README.md#authentication ) as an Administrator.
2019-12-21 20:55:43 +05:30
2019-12-26 22:10:19 +05:30
### Retrieve all instance audit events
2019-12-21 20:55:43 +05:30
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-21 20:55:43 +05:30
GET /audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `created_after` | string | no | Return audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `created_before` | string | no | Return audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `entity_type` | string | no | Return audit events for the given entity type. Valid values are: `User` , `Group` , or `Project` . |
2019-12-26 22:10:19 +05:30
| `entity_id` | integer | no | Return audit events for the given entity ID. Requires `entity_type` attribute to be present. |
2019-12-21 20:55:43 +05:30
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination ](README.md#pagination ).
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/audit_events"
2019-12-21 20:55:43 +05:30
```
Example response:
```json
[
{
"id": 1,
"author_id": 1,
"entity_id": 6,
"entity_type": "Project",
"details": {
"custom_message": "Project archived",
"author_name": "Administrator",
"target_id": "flightjs/flight",
"target_type": "Project",
"target_details": "flightjs/flight",
"ip_address": "127.0.0.1",
"entity_path": "flightjs/flight"
},
"created_at": "2019-08-30T07:00:41.885Z"
},
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"add": "group",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-27T18:36:44.162Z"
},
{
"id": 3,
"author_id": 51,
"entity_id": 51,
"entity_type": "User",
"details": {
"change": "email address",
"from": "hello@flightjs.com",
"to": "maintainer@flightjs.com",
"author_name": "Andreas",
"target_id": 51,
"target_type": "User",
"target_details": "Andreas",
"ip_address": null,
"entity_path": "Andreas"
},
"created_at": "2019-08-22T16:34:25.639Z"
}
]
```
2019-12-26 22:10:19 +05:30
### Retrieve single instance audit event
2019-12-21 20:55:43 +05:30
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-21 20:55:43 +05:30
GET /audit_events/:id
```
2020-04-08 14:13:33 +05:30
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer | yes | The ID of the audit event |
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/audit_events/1"
2019-12-21 20:55:43 +05:30
```
Example response:
```json
{
"id": 1,
"author_id": 1,
"entity_id": 6,
"entity_type": "Project",
"details": {
"custom_message": "Project archived",
"author_name": "Administrator",
"target_id": "flightjs/flight",
"target_type": "Project",
"target_details": "flightjs/flight",
"ip_address": "127.0.0.1",
"entity_path": "flightjs/flight"
},
"created_at": "2019-08-30T07:00:41.885Z"
}
```
2019-12-26 22:10:19 +05:30
2021-03-11 19:13:27 +05:30
## Group Audit Events **(PREMIUM)**
2019-12-26 22:10:19 +05:30
2020-06-23 00:09:42 +05:30
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34078) in GitLab 12.5.
2019-12-26 22:10:19 +05:30
2020-11-24 15:15:51 +05:30
The Group Audit Events API allows you to retrieve [group audit events ](../administration/audit_events.md#group-events ).
2019-12-26 22:10:19 +05:30
2021-02-22 17:27:13 +05:30
A user with a Owner role (or above) can retrieve group audit events of all users.
A user with a Developer or Maintainer role is limited to group audit events based on their individual actions.
2019-12-26 22:10:19 +05:30
### Retrieve all group audit events
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-26 22:10:19 +05:30
GET /groups/:id/audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group ](README.md#namespaced-path-encoding ) |
| `created_after` | string | no | Return group audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `created_before` | string | no | Return group audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination ](README.md#pagination ).
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/groups/60/audit_events"
2019-12-26 22:10:19 +05:30
```
Example response:
```json
[
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"custom_message": "Group marked for deletion",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-28T19:36:44.162Z"
},
{
"id": 1,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"add": "group",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-27T18:36:44.162Z"
}
]
```
### Retrieve a specific group audit event
Only available to group owners and administrators.
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-26 22:10:19 +05:30
GET /groups/:id/audit_events/:audit_event_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group ](README.md#namespaced-path-encoding ) |
2020-04-08 14:13:33 +05:30
| `audit_event_id` | integer | yes | The ID of the audit event |
2019-12-26 22:10:19 +05:30
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/groups/60/audit_events/2"
2019-12-26 22:10:19 +05:30
```
Example response:
```json
{
"id": 2,
"author_id": 1,
"entity_id": 60,
"entity_type": "Group",
"details": {
"custom_message": "Group marked for deletion",
"author_name": "Administrator",
"target_id": "flightjs",
"target_type": "Group",
"target_details": "flightjs",
"ip_address": "127.0.0.1",
"entity_path": "flightjs"
},
"created_at": "2019-08-28T19:36:44.162Z"
}
```
2020-06-23 00:09:42 +05:30
2021-03-11 19:13:27 +05:30
## Project Audit Events **(PREMIUM)**
2020-06-23 00:09:42 +05:30
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/219238) in GitLab 13.1.
2020-11-24 15:15:51 +05:30
The Project Audit Events API allows you to retrieve [project audit events ](../administration/audit_events.md#project-events ).
2020-06-23 00:09:42 +05:30
2021-02-22 17:27:13 +05:30
A user with a Maintainer role (or above) can retrieve project audit events of all users.
A user with a Developer role is limited to project audit events based on their individual actions.
2020-06-23 00:09:42 +05:30
### Retrieve all project audit events
```plaintext
GET /projects/:id/audit_events
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](README.md#namespaced-path-encoding ) |
| `created_after` | string | no | Return project audit events created on or after the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
| `created_before` | string | no | Return project audit events created on or before the given time. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination ](README.md#pagination ).
```shell
2021-02-22 17:27:13 +05:30
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/projects/7/audit_events"
2020-06-23 00:09:42 +05:30
```
Example response:
```json
[
{
"id": 5,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
"change": "prevent merge request approval from reviewers",
"from": "",
"to": "true",
"author_name": "Administrator",
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.230Z"
},
{
"id": 4,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
"change": "prevent merge request approval from authors",
"from": "false",
"to": "true",
"author_name": "Administrator",
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.218Z"
}
]
```
### Retrieve a specific project audit event
Only available to project maintainers or owners.
```plaintext
GET /projects/:id/audit_events/:audit_event_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](README.md#namespaced-path-encoding ) |
| `audit_event_id` | integer | yes | The ID of the audit event |
```shell
2021-02-22 17:27:13 +05:30
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://primary.example.com/api/v4/projects/7/audit_events/5"
2020-06-23 00:09:42 +05:30
```
Example response:
```json
{
"id": 5,
"author_id": 1,
"entity_id": 7,
"entity_type": "Project",
"details": {
"change": "prevent merge request approval from reviewers",
"from": "",
"to": "true",
"author_name": "Administrator",
"target_id": 7,
"target_type": "Project",
"target_details": "twitter/typeahead-js",
"ip_address": "127.0.0.1",
"entity_path": "twitter/typeahead-js"
},
"created_at": "2020-05-26T22:55:04.230Z"
}
```
