Audit Log API

The Marketing Cloud Personalization Audit Log API enables you to programmatically retrieve access and activity logs from your Personalization instance. You can use the Audit Log API to retrieve logs for specific date ranges up to 50 days in the past. This API provides paginated responses with up to 2000 records per page. Each log record includes information about authentication, API token and user management, campaigns, templates, catalog configurations, segments, and other related events.

You can use these logs for security and investigation purposes, and to demonstrate compliance with laws, regulations, and policies. In addition, using a specified timeframe, the API enables you to export audit trail information into your internal systems for easy storage, search, and analysis.

GET /api/audit/list

https://<accountName>.<instance>.evergage.com/api/audit/list

URL Parameter	Required?	Description
`accountName`	Yes	The Personalization account name. You can find the `accountName` by accessing Gears from the Personalization UI and reviewing the URL. For example, if the Gears URL is `https://demo.us-1.evergage.com/`, then the account name is `demo`.
`instance`	Yes	The Personalization instance identifier. You can find this value by accessing Gears from the Personalization UI and reviewing the URL. For example, if the Gears URL is `https://demo.us-1.evergage.com/`, then the instance identifier is `us-1`.
`page`	No	The specific page of data to return from a paginated response. The `page` parameter is typically used in conjunction with the `pageSize` parameter to control the number of records returned per page. The default value is `1`. To iterate through an entire response, start by setting page to `1`, and continue making requests until you get zero results.
`pageSize`	No	The number of records to be returned per page in a paginated response. The `pageSize` parameter is typically used in conjunction with the `page` parameter to navigate through a paginated response. The default value is `100`.
`startDate`	No	The start date of the date range for the audit logs to be returned. If unspecified, the default value is seven days before the current date. The `startDate` must precede the `endDate` and be sent as a string represented in the ISO-8601 format, for example, `2023-03-01T22:00:00.000Z`.
`endDate`	No	The end date of the audit log date range that you want to retrieve. If unspecified, the default value is the current date. The `endDate` value must follow the `startDate` value, and be sent as a string represented in the ISO-8601 format, for example,`2023-03-01T22:00:00.000Z`. Note: You can retrieve logs for a maximum range of 50 days. If the range specified exceeds 50 days, the platform automatically adjusts the range and outputs logs from 50 days before the specified `endDate`.

application/json

Authorization: Basic <base64-encoded-API-token>

The Audit Log API uses API tokens to authenticate requests. Your API token must be a strict Base64 encoding of your API Key ID and its API Secret Key, separated by a colon. For the API token to have access to the Audit Log API, you must enable the Can access Audit logs permission when creating or updating a token. For security purposes, we recommend using a dedicated token to access Audit Log API with only this permission enabled.

A token with the Can access Audit logs permission doesn’t use dataset restrictions for the Audit Log data. Instead, the token provides access to Audit Log data across all datasets.

For more information on API tokens, see Personalization API Tokens on Salesforce Help.

When using cURL to interact with the API, you can use the -u "apiKeyId:apiKeySecret" command-line option to send your API Key ID and API Key Secret. cURL automatically converts the apiKeyId:apiKeySecret pair into a Base64-encoded string and adds Authorization: Basic <base64-encoded-API-token> to the request header.

The following is an example API request sent using cURL.

Property	Optional	Data Type	Description
`page`	No	Number	The requested page number. The value of the `page` query parameter you specified in the request, or the default value if no page number was specified.
`pageSize`	No	Number	The requested page size. The value of the `pageSize` query parameter you specified in the request, or the default value if no page number was specified.
`count`	No	Number	Number of records for the specified date range.
`startDate`	No	String	The start date in the ISO-8601 format used when filtering the results. For example: `2023-03-01T22:00:00.000Z`.
`endDate`	No	String	The end date in the ISO-8601 format used when filtering the results. For example: `2023-03-01T22:00:00.000Z`.
`items`	No	Array	An array of Audit Log events.
`<Item>.date`	No	String	The event date for a record in the ISO-8601 format. For example: 2023-03-01T22:00:00.000Z.A string representation of the event date in the ISO-8601 format. For example: `2023-03-01T22:00:00.000Z`.
`<Item>.tenantId`	No	String	Your Personalization `accountName`.
`<Item>.datasetId`	Yes	String	The dataset where an event occurred. This property doesn’t exist for global events like authentication.
`<Item>.employee.ipAddress`	Yes	String	The IP address of the user associated with the audit event, if available.
`<Item>.employee.id`	Yes	String	The Marketing Cloud user ID associated with the audit event, if available.
`<Item>.employee.emailAddress`	Yes	String	The Marketing Cloud user email address associated with the audit event, if available.
`<Item>.type`	No	String	Audit Log event type. For example: `API Token`, `Authentication`, `Segment`, `Campaign`, and so on.
`<Item>.operation.name`	No	String	The type of operation performed. Examples of available options: `Create`, `Read`, `Update`, `Delete`, `Auth`, `Execute`, `TestExecute`.
`<Item>.operation.detail`	Yes	Array	A list of optional additional details about the operation performed by the user.
`<Item>.object.id`	Yes	String	A reference to the object that was affected by the logged operation.

Salesforce Help: View the Personalization Audit Log
Salesforce Help: Personalization API Tokens