List Audit log events

import requests
url = "https://example.ada.support/api/v2/analytics/audit-log/events/"
querystring = {"start_date":"start_date"}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers, params=querystring)
print(response.json())

{
  "data": [
    {
      "id": "7f1c2d3e-4b5a-6c7d-8e9f-0a1b2c3d4e5f",
      "timestamp": "2026-06-09T12:34:56.789+00:00",
      "entity_type": "playbook",
      "entity_id": "65a17e3f43bec88e2792d0eb",
      "activity": "updated",
      "actor_email": "admin@example.com",
      "actor_name": "Dana Admin",
      "actor_user_id": "65a17e3f43bec88e2792d0ec",
      "entity_name": "Refund flow",
      "interface": "dashboard",
      "context_ip": "203.0.113.42",
      "context_user_agent": "Mozilla/5.0",
      "api_key_name": ""
    }
  ],
  "meta": {
    "next_page_url": "https://example.ada.support/api/v2/analytics/audit-log/events/?start_date=2026-06-01T00%3A00%3A00.000%2B00%3A00&end_date=2026-06-09T00%3A00%3A00.000%2B00%3A00&cursor=MjAyNi0wNi0wOVQxMjozNDo1Ni43ODkrMDA6MDA6OmFiYzo6ZGVhZGJlZWZjYWZl"
  }
}

Retrieve the authenticated account’s own Audit log events, newest first, in cursor-paginated pages. Intended for pulling the Audit log into a SIEM.

Pagination is cursor-based: read meta.next_page_url and replay it verbatim to fetch the next page. next_page_url is null on the last or empty page. The time window and cursor must be held constant across pages; the recommended way to guarantee this is to replay the returned next_page_url unchanged.

No field filters are exposed: callers pull the full time window and filter on their own side (the SIEM).

Validation errors (missing or invalid start_date or end_date, a window wider than 30 days, a malformed cursor, or a window change mid-pagination) return 400.

Rate limits (per account): 10 requests per second, 120 per minute, and 40,000 per day. A 429 means a limit was exceeded; back off and retry. For ongoing ingestion, poll on a steady cadence (for example, every few minutes) rather than in a tight loop.

Backfilling vs incremental pulls: a single request covers at most 30 days. To backfill more history, issue successive requests over adjacent windows of up to 30 days. For incremental pulls, set start_date to just after the newest timestamp you have already stored, then follow next_page_url until it is null.

Retrieve the authenticated account's own Audit log events, newest first, in cursor-paginated pages. Intended for pulling the Audit log into a SIEM. Pagination is cursor-based: read `meta.next_page_url` and replay it verbatim to fetch the next page. `next_page_url` is `null` on the last or empty page. The time window and `cursor` must be held constant across pages; the recommended way to guarantee this is to replay the returned `next_page_url` unchanged. No field filters are exposed: callers pull the full time window and filter on their own side (the SIEM). Validation errors (missing or invalid `start_date` or `end_date`, a window wider than 30 days, a malformed cursor, or a window change mid-pagination) return `400`. Rate limits (per account): 10 requests per second, 120 per minute, and 40,000 per day. A `429` means a limit was exceeded; back off and retry. For ongoing ingestion, poll on a steady cadence (for example, every few minutes) rather than in a tight loop. Backfilling vs incremental pulls: a single request covers at most 30 days. To backfill more history, issue successive requests over adjacent windows of up to 30 days. For incremental pulls, set `start_date` to just after the newest `timestamp` you have already stored, then follow `next_page_url` until it is `null`.

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Query parameters

start_datestringRequiredformat: "date-time"

Start of the time window (inclusive), ISO 8601. The window (end_date - start_date) may not exceed 30 days.

end_datestringOptionalformat: "date-time"

End of the time window (inclusive), ISO 8601. When omitted it defaults to the request time (UTC); the resolved value is reflected in next_page_url, so replay the returned next_page_url verbatim to keep the window fixed across pages.

limitintegerOptional1-1000Defaults to 50

Maximum events per page. Out-of-range or non-integer values are rejected with 400; the applied limit is not echoed in the response.

cursorstringOptional

Opaque base64-encoded pagination cursor from a previous response’s meta.next_page_url. Treat it as an opaque token, not an id. The time window and cursor must be held constant across pages: replay the returned next_page_url unchanged.

Response

A cursor-paginated page of Audit log events

datalist of objects

The page of Audit log events (at most limit items)

metaobject

Pagination metadata

Errors

400

Bad Request Error

401

Unauthorized Error

404

Not Found Error

429

Too Many Requests Error

500

Internal Server Error

Retrieve the authenticated account’s own Audit log events, newest first, in cursor-paginated pages. Intended for pulling the Audit log into a SIEM.

No field filters are exposed: callers pull the full time window and filter on their own side (the SIEM).

Validation errors (missing or invalid start_date or end_date, a window wider than 30 days, a malformed cursor, or a window change mid-pagination) return 400.