Home
Content Management API
Main resources
Upload-related
Site Search
Environments
UI
Workflows
Async jobs
Roles & permissions
Webhooks
Hosting & CI integrations
Subscription
Enterprise
    Show examples in:
    List Audit Log events

    The Audit Logs API allows to monitor events happening in an Enterprise project. It ensures continued compliance, safeguarding against any inappropriate system access, and allows you to audit suspicious behavior within your enterprise.

    You can use this part of the API to:

    • Automatically feed DatoCMS access data into an SIEM or other auditing tool;
    • Proactively monitor for potential security issues or malicious access attempts;
    • Write custom apps to gain insight into how your organization uses DatoCMS.

    Please note that DatoCMS does not perform any kind of automated intrusion detection. The Audit Logs API will return the data but can not automatically determine or indicate whether an action was appropriate.

    Pagination

    A single request might not return the full results. To get the remaining results, you can use the meta.next_token of a response as a next_token attribute for the next request, until the response returns null as the next token.

    Filtering events

    You can use the filter parameter to pass an SQL-like query (PartiQL) to filter events. Any attribute of the event payload can be used in a condition.

    To filter for date, you can use the event id attribute, which is an ULID (Universally Unique Lexicographically Sortable Identifier) together with the min_ulid() function, which takes a Unix timestamp.

    The following query returns actions performed in Q1 2021 (January to March):

    id >= min_ulid(1609455600) AND id < min_ulid(1617228000)

    Other query examples will follow:

    -- Return actions of type 'items.update' only
    action_name = 'items.update'
      
    -- Returns actions whose name begins with 'fields'
    begins_with(action_name, 'fields') -- Includes `fields.update`, `fields.destroy`, etc,
      
    -- Returns actions containing 'destroy'
    contains(action_name, 'update') -- Includes `fields.update`, `plugins.update`, `items.update`, etc.
    -- Return actions performed by a collaborator
    actor.type = 'user'
    -- Return actions performed by a specific collaborator
    actor.type = 'user' AND actor.id = '4845293'
    -- Return publishing actions for the record 239408
    request.path = '/items/239408/publish'
    -- Return all record creations for the model 855832
    action_name = 'items.create' AND request.payload.data.relationships.item_type.data.id = '855832'

    Body Parameters

    filter  Optional  string  Example: "id > min_ulid(1624452728)"

    An SQL-like expression to filter the events

    next_token  Optional  string  Example: "E5188+SCXtvvXVUFkqmwtQJd3V3lJIOsZBjHvTYz"

    Set this value to get remaining results, if a meta.next_token was returned in the previous query response

    detailed_log  Optional  boolean  Example: true

    Whether a detailed log complete with full request and response payload must be returned or not

    Returns

    Returns an array of audit_log_event resource objects.

    Examples

    Example Basic example 
    import { buildClient } from '@datocms/cma-client-node';
    async function run() {
      const client = buildClient({ apiToken: '<YOUR_API_TOKEN>' });
      
      const auditLogEvents = await client.auditLogEvents.query({});
      
      auditLogEvents.forEach((auditLogEvent) => {
        console.log(auditLogEvent);
      });
    }
    run();
    Did this doc help you?
    Still need help?
    Explore our forum, contact support, or connect with our sales team. You can also chat live with other users in our Slack channel.