GET /data/v1/audit/securityEvents

Retrieve logged Audit Trail security events for the current account and its children. Logins are audited at the enterprise level.

Timestamps for Audit Trail data use the US Central Standard Time (GMT-6, CST) timezone.

To retrieve Audit Trail data, you must have the Data | Tracking Event | Read permission scope.

NameTypeDescription
$orderBystringThe field and sort method to use to sort the results. You can sort based on the value of createdDate in ascending (ASC) or descending (DESC) order. The default value is createdDate DESC.
$pagenumberThe page number of results to retrieve. The default value is 1.
$pagesizenumberThe number of items to return on a page of results. The default value is 50.
enddatestringEnd date of the date range to search for security events. Specify the value as an ISO 8601 timestamp. The value of enddate must occur after the value of startdate. The default value is today's date.
startdatestringStart date of the date range to search for security events. Specify the value as an ISO 8601 timestamp. The value of startdate must occur before the value of enddate. The default value is 30 days before today's date.
StatusNameTypeDescription
200  OK
 idnumberID of the security event.
 createdDatedatetimeCreation date of the security event.
 memberIdnumberMember ID associated with the security event.
 enterpriseIdnumberEnterprise ID to which the member belongs.
 employeeobjectUser associated with the security event.
 ipAddressstringIP address associated with the security event.
 sessionIdstringSession ID associated with the security event. Available only with Advanced Audit Trail.
 userAgentstringUser agent associated with the security event. Available only with Advanced Audit Trail.
 eventTypeobjectType of security event.
 loginStatusobjectStatus of the security event.
 eventSourceobjectSource of the security event.
    
400  Bad request
 MessagestringError message.
 ErrorCodenumberError code for the exception.
 DocumentationstringDocumentation for the error.
    
401  Invalid access token or tenant-specific endpoint.
 MessagestringError message.
 ErrorCodenumberError code for the exception.
 DocumentationstringDocumentation for the error.