GET /data/v1/audit/securityEvents
Retrieve logged Audit Trail security events for the current account and its children. Logins are audited at the enterprise level.
Timestamps for Audit Trail data use the US Central Standard Time (GMT-6, CST) timezone.
To retrieve Audit Trail data, you must have the Data | Tracking Event | Read permission scope.
| Name | Type | Description |
|---|---|---|
$orderBy | string | The field and sort method to use to sort the results. You can sort based on the value of createdDate in ascending (ASC) or descending (DESC) order. The default value is createdDate DESC. |
$page | number | The page number of results to retrieve. The default value is 1. |
$pagesize | number | The number of items to return on a page of results. The default value is 50. |
enddate | string | End date of the date range to search for security events. Specify the value as an ISO 8601 timestamp. The value of enddate must occur after the value of startdate. The default value is today's date. |
startdate | string | Start date of the date range to search for security events. Specify the value as an ISO 8601 timestamp. The value of startdate must occur before the value of enddate. The default value is 30 days before today's date. |
| Status | Name | Type | Description |
|---|---|---|---|
200 | OK | ||
| id | number | ID of the security event. | |
| createdDate | datetime | Creation date of the security event. | |
| memberId | number | Member ID associated with the security event. | |
| enterpriseId | number | Enterprise ID to which the member belongs. | |
| employee | object | User associated with the security event. | |
| ipAddress | string | IP address associated with the security event. | |
| sessionId | string | Session ID associated with the security event. Available only with Advanced Audit Trail. | |
| userAgent | string | User agent associated with the security event. Available only with Advanced Audit Trail. | |
| eventType | object | Type of security event. | |
| loginStatus | object | Status of the security event. | |
| eventSource | object | Source of the security event. | |
400 | Bad request | ||
| Message | string | Error message. | |
| ErrorCode | number | Error code for the exception. | |
| Documentation | string | Documentation for the error. | |
401 | Invalid access token or tenant-specific endpoint. | ||
| Message | string | Error message. | |
| ErrorCode | number | Error code for the exception. | |
| Documentation | string | Documentation for the error. |
- Salesforce Help: Audit Trail