Audit Log API
The Marketing Cloud Personalization Audit Log API enables you to programmatically retrieve access and activity logs from your Personalization instance. You can use the Audit Log API to retrieve logs for specific date ranges up to 50 days in the past. This API provides paginated responses with up to 2000 records per page. Each log record includes information about authentication, API token and user management, campaigns, templates, catalog configurations, segments, and other related events.
You can use these logs for security and investigation purposes, and to demonstrate compliance with laws, regulations, and policies. In addition, using a specified timeframe, the API enables you to export audit trail information into your internal systems for easy storage, search, and analysis.
|Yes||The Personalization account name. You can find the |
|Yes||The Personalization instance identifier. You can find this value by accessing Gears from the Personalization UI and reviewing the URL. For example, if the Gears URL is |
|No||The specific page of data to return from a paginated response. The |
|No||The number of records to be returned per page in a paginated response. The |
|No||The start date of the date range for the audit logs to be returned. If unspecified, the default value is seven days before the current date. The |
|No||The end date of the audit log date range that you want to retrieve. If unspecified, the default value is the current date. The |
Authorization: Basic <base64-encoded-API-token>
The Audit Log API uses API tokens to authenticate requests. Your API token must be a strict Base64 encoding of your API Key ID and its API Secret Key, separated by a colon. For the API token to have access to the Audit Log API, you must enable the Can access Audit logs permission when creating or updating a token. For security purposes, we recommend using a dedicated token to access Audit Log API with only this permission enabled.
A token with the Can access Audit logs permission doesn’t use dataset restrictions for the Audit Log data. Instead, the token provides access to Audit Log data across all datasets.
For more information on API tokens, see Personalization API Tokens on Salesforce Help.
When using cURL to interact with the API, you can use the
-u "apiKeyId:apiKeySecret" command-line option to send your API Key ID and API Key Secret. cURL automatically converts the
apiKeyId:apiKeySecret pair into a Base64-encoded string and adds
Authorization: Basic <base64-encoded-API-token> to the request header.
The following is an example API request sent using cURL.
|No||Number||The requested page number. The value of the |
|No||Number||The requested page size. The value of the |
|No||Number||Number of records for the specified date range.|
|No||String||The start date in the ISO-8601 format used when filtering the results. For example: |
|No||String||The end date in the ISO-8601 format used when filtering the results. For example: |
|No||Array||An array of Audit Log events.|
|No||String||The event date for a record in the ISO-8601 format. For example: 2023-03-01T22:00:00.000Z.A string representation of the event date in the ISO-8601 format. For example: |
|No||String||Your Personalization |
|Yes||String||The dataset where an event occurred. This property doesn’t exist for global events like authentication.|
|Yes||String||The IP address of the user associated with the audit event, if available.|
|Yes||String||The Marketing Cloud user ID associated with the audit event, if available.|
|Yes||String||The Marketing Cloud user email address associated with the audit event, if available.|
|No||String||Audit Log event type. For example: |
|No||String||The type of operation performed. Examples of available options: |
|Yes||Array||A list of optional additional details about the operation performed by the user.|
|Yes||String||A reference to the object that was affected by the logged operation.|