GET /data/v1/audit/securityEvents

Retrieves logged Audit Trail security events for the authenticated user’s account and its children. Logins are audited at the enterprise level.

Audit Trail stores data in the U.S. Central Standard Time (GMT-6, CST) timezone. Audit data pulled using the REST API has a CST timestamp.

URL Parameters

NameTypeDescription
$pagenumberPage number to return from the paged results. Start with 1 and continue until you get zero results. Typically provided along with the $pagesize parameter. The default is 1.
$pagesizenumberNumber of results per page to return. Typically provided along with the $page parameter.
$orderBystringDetermines which direction to sort the data by createdDate. Use asc for ascending and desc for descending order. For example: &$orderBy=createdDate desc. If you don't provide the $orderBy parameter, the results are sorted in ascending order.
startdatestringStart date of the date range to search for security events. If you don't provide a start date, the default is today minus 30 days. The startdate must be before the enddate.
enddatestringEnd date of the date range to search for security events.. If you don't provide an end date, the default is today. The enddate must be after the startdate.

Responses

StatusNameTypeDescription
200  OK
 idnumberID of the security event.
 createdDatedatetimeCreation date of the security event.
 memberIdnumberMember ID associated with the security event.
 enterpriseIdnumberEnterprise ID to which the member belongs.
 employeeobjectUser associated with the security event.
 ipAddressstringIP address associated with the security event.
 sessionIdstringSession ID associated with the security event. Available only with Advanced Audit Trail. Contact your Marketing Cloud account representative.
 userAgentstringUser agent associated with the security event. Available only with Advanced Audit Trail. Contact your Marketing Cloud account representative.
 eventTypeobjectType of security event.
 loginStatusobjectStatus of the security event.
 eventSourceobjectSource of the security event.
    
400  Bad request
 MessagestringError message.
 ErrorCodenumberError code for the exception.
 DocumentationstringDocumentation for the error.
    
401  Invalid access token or tenant-specific endpoint.
 MessagestringError message.
 ErrorCodenumberError code for the exception.
 DocumentationstringDocumentation for the error.

Required Marketing Cloud Permissions

  • Permission: Audit Logging | API Access
  • Scope: Data | Tracking Event | Read

Example Request

Example Response