Web API

Press shift + S to search API reference.

Audit logs

Audit log events

gethttps://api.airtable.com/v0/meta/enterpriseAccounts/{enterpriseAccountId}/auditLogEvents

Retrieve audit log events for an enterprise. By default, this will walk all the data we're currently storing and continue walking data into the future.

Requirements

AuthenticationPersonal access token, OAuth integration
Scopeenterprise.auditLogs:read
User role

Enterprise admin

Billing plansEnterprise (pre-2023.08 legacy plan), Enterprise Scale

Path parameters

enterpriseAccountId
string

Query parameters

startTime
optional<string>

Earliest audit log event to retrieve (inclusive), in ISO 8601 date time format. Optional. Defaults to the beginning of the retention period, 180 days ago.

endTime
optional<string>

Latest audit log event to retrieve (exclusive), in ISO 8601 date time format. Optional. Defaults to now.

originatingUserId
optional<string | array of strings>

Retrieve audit log events originating from the provided user ID or IDs (maximum 100). Optional.

eventType
optional<Audit log event types | array of Audit log event types>

Retrieve audit log events falling under the provided event type or event types (maximum 100). Optional.

modelId
optional<string | array of strings>

Retrieve audit log events taking action on, or involving, the provided model ID or IDs (maximum 100). Optional.

pageSize
optional<number>

The number of events per page. Maximum value of 1000; defaults to 10.

sortOrder
optional<"descending" | "ascending">

Sort the events by timestamp in ascending or descending order. Defaults to descending.

previous
optional<string>

If there are older items to retrieve, a previous is returned. Pass the previous from a prior call to retrieve the next-oldest page of items. You may pass the special value null to indicate "use the default behavior", which operates identically to omitting the previous parameter entirely.

next
optional<string>

If there are newer items to retrieve, a next is returned. Pass the next from a prior call to retrieve the next-newest page of items. You may pass the special value null to indicate "use the default behavior", which operates identically to omitting the next parameter entirely.

category
optional<"base" | "baseCollaboration" | "groups" | "role" | "share" | "user" | "twoFactorAuthentication" | "oauth" | "enterprise" | "enterpriseSettings" | "enterpriseLicenses" | "managedApps" | "components" | "publishedDataSets" | "dataTable" | "workspace" | "workspaceCollaboration" | "interface" | "standaloneForms" | "interfaceCollaboration" | "view" | "ai" | "solution" | "portal" | array of ("base" | "baseCollaboration" | "groups" | "role" | "share" | "user" | "twoFactorAuthentication" | "oauth" | "enterprise" | "enterpriseSettings" | "enterpriseLicenses" | "managedApps" | "components" | "publishedDataSets" | "dataTable" | "workspace" | "workspaceCollaboration" | "interface" | "standaloneForms" | "interfaceCollaboration" | "view" | "ai" | "solution" | "portal")>

Response format

events
array of the below object

Events are returned newest to oldest.

id
string
timestamp
string

A date timestamp in the ISO format, eg:"2018-01-01T00:00:00.000Z"

action
Audit log event types
actor
Audit log actor
modelId
string
modelType
"base" | "attachment" | "extension_installation" | "interface" | "page" | "page_element" | "record" | "share" | "invite" | "two_factor_strategy" | "user" | "group" | "view" | "workspace" | "enterprise" | "table" | "oauth_access_token" | "feature_kit_installation" | "managed_app" | "managed_app_release" | "component" | "component_release" | "data_table" | "data_table_import" | "published_dataset" | "role" | "portal"
payload
Audit log event payloads
payloadVersion
"1.0" | "1.1" | "2.0" | "3.0"
context
object
baseId
optional<string>

Base ID, a unique identifier for a base.

actionId
string
enterpriseAccountId
string
descendantEnterpriseAccountId
optional<string>
interfaceId
optional<string>
workspaceId
optional<string>
origin
object
ipAddress
string
userAgent
string
oauthAccessTokenId
optional<string>
personalAccessTokenId
optional<string>
sessionId
optional<string>
pagination
object

Contains pagination tokens (if existing).

next
string | null

Pagination token to retrieve the next-newest page of available items. If an endTime was provided in the query, this value will be non-null if there exist any newer items to retrieve. If an endTime was not provided in the query, this value will always be present to provide a starting point from which to continue consuming future audit log events. To retrieve the next-newest page of available items, repeat the request that generated this page of items, but supply this value as the next query parameter.

previous
string | null

Pagination token used to retrieve the next-oldest page of available items. This value will be non-null in the response only if there exist any older items to retrieve. To retrieve the next-oldest page of available items, repeat the request that generated this page of items, but supply this value as the previous query parameter.

Error responses

Invalid endTime (too far in the future) (422)
Invalid **endTime**. See error message for exact reason.
{
"error": {
"message": "Provided endTime is too far in the future",
"type": "INVALID_TIME_RANGE"
}
}
Invalid endTime (too far in the past) (422)
Invalid **endTime**. See error message for exact reason.
{
"error": {
"message": "Provided endTime is before oldest queryable time",
"type": "INVALID_TIME_RANGE"
}
}
Invalid filter (422)
Invalid **filter**. See error message for exact reason.
{
"error": {
"message": "Maximum filter count per parameter is 100",
"type": "TOO_MANY_FILTERS"
}
}
Invalid pageSize (422)
Invalid **pageSize**. See error message for exact reason.
{
"error": {
"message": "Maximum pageSize is 1000",
"type": "INVALID_PAGE_SIZE_ARGUMENT"
}
}
Invalid pagination token (422)
Invalid **pagination**. See error message for exact reason.
{
"error": {
"message": "Invalid pagination token",
"type": "INVALID_PAGINATION_TOKEN"
}
}
Invalid pagination token (multiple tokens received) (422)
Invalid **pagination**. See error message for exact reason.
{
"error": {
"message": "Multiple pagination tokens received",
"type": "MULTIPLE_PAGINATION_TOKENS_RECEIVED"
}
}
Invalid pagination token (out of range) (422)
Invalid **pagination**. See error message for exact reason.
{
"error": {
"message": "Pagination token is invalid for this query",
"type": "INVALID_PAGINATION_TOKEN"
}
}
Invalid startTime (too far in the future) (422)
Invalid **startTime**. See error message for exact reason.
{
"error": {
"message": "Provided startTime is in the future",
"type": "INVALID_TIME_RANGE"
}
}
Invalid startTime (too far in the past) (422)
Invalid **startTime**. See error message for exact reason.
{
"error": {
"message": "Provided startTime is too far in the past. Audit log events are stored for 180 days.",
"type": "INVALID_TIME_RANGE"
}
}
Invalid time (422)
Invalid **startTime** or **endTime**. See error message for exact reason.
{
"error": {
"message": "startTime cannot be same or after endTime",
"type": "INVALID_TIME_RANGE"
}
}
Request (example)
Copy
$
curl "https://api.airtable.com/v0/meta/enterpriseAccounts/{enterpriseAccountId}/auditLogEvents" \
-H "Authorization: Bearer YOUR_TOKEN"
200 – Response (example)
{
"events": [
{
"action": "createBase",
"actor": {
"type": "user",
"user": {
"email": "foo@bar.com",
"id": "usrL2PNC5o3H4lBEi",
"name": "Jane Doe"
}
},
"context": {
"actionId": "actxr1mLqZz1T35FA",
"baseId": "appLkNDICXNqxSDhG",
"enterpriseAccountId": "entUBq2RGdihxl3vU",
"interfaceId": "pbdyGA3PsOziEHPDE",
"workspaceId": "wspmhESAta6clCCwF"
},
"id": "01FYFFDE39BDDBC0HWK51R6GPF",
"modelId": "appLkNDICXNqxSDhG",
"modelType": "base",
"origin": {
"ipAddress": "1.2.3.4",
"sessionId": "sesE3ulSADiRNhqAv",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
},
"payload": {
"name": "My newly created base!"
},
"payloadVersion": "1.0",
"timestamp": "2022-02-01T21:25:05.663Z"
}
],
"pagination": {
"next": "MDFHUk5OMlM4MFhTNkY0R0M2QVlZTVZNNDQ=",
"previous": "MDFHUk5ITVhNMEE4UFozTlg1SlFaRlMyOFM="
}
}