Query audit records

Returns audit records for the authenticated user's tenant, ordered latest
to oldest, with optional filters for audit domains, actor IDs, and a
Unix-timestamp time range. Uses cursor-based pagination.

Tenant is derived from the user token — do not pass tenant as a path or
query parameter.

Pagination: When continuationToken is non-null in the response,
post the same request body with pagination.continuationToken set to
the returned value to fetch the next page. The nextPageLink field
provides the full endpoint URL for convenience.

Audit domain hierarchy: Each value in auditDomains automatically
expands to include all child domains. For example, passing
"Security & Permissions" returns records across all Security &
Permissions sub-domains (SSO Settings, Watermark Templates, etc.).

Excluding domains: Use ignoredAuditDomains to exclude specific
domains (and their descendants) from results. Exclusion takes precedence
over inclusion — a domain in both auditDomains and ignoredAuditDomains
will be excluded. When ignoredAuditDomains is omitted or empty, no
domains are excluded.

Rate limit: Tier 2 (60 requests/minute per tenant).

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params

Query parameters for filtering and paginating audit records.

auditDomains
array of strings

Optional filter by audit domain(s). When omitted, records from all
domains are returned. When provided, must contain at least one value
and all values must be recognized domain names (case-insensitive).

Hierarchy expansion: If the specified domain has child domains, it
automatically expands to include all of them. For example,
"Security & Permissions" also returns records for
"Security & Permissions / SSO Settings",
"Security & Permissions / Watermark Templates", and all other
sub-domains. If the specified domain is already a leaf (no children),
only records for that exact domain are returned.

Valid values:

  • People
  • Security & Permissions
  • Security & Permissions / Password Policy
  • Security & Permissions / Permissions
  • Security & Permissions / SSO Settings
  • Security & Permissions / LiveSend Permissions
  • Security & Permissions / Network Security
  • Security & Permissions / Certificate Management
  • Security & Permissions / Privacy Management
  • Security & Permissions / Privacy Management / Data Privacy Settings
  • Security & Permissions / Privacy Management / User Data
  • Security & Permissions / Privacy Management / Contact Management
  • Security & Permissions / Privacy Management / Contact Communication
  • Security & Permissions / Privacy Management / User Management
  • Security & Permissions / Watermark Templates
  • Security & Permissions / Data Management
  • Security & Permissions / Virus Scan
  • Security & Permissions / Impersonation Settings
  • External Connections
  • External Connections / External Content
  • External Connections / SQL Connections
  • External Connections / DataSource Settings
  • External Connections / External Systems
  • Application Settings
  • Application Settings / System Options
  • Application Settings / Common Settings
  • Application Settings / Home Page & Page Settings
  • Application Settings / Welcome Email
  • Application Settings / Web Settings
  • Application Settings / LiveDoc Settings
  • Application Settings / WorkSpace Settings
  • Application Settings / DocCenter Settings
  • Application Settings / iOS Application
  • Application Settings / Android Application
  • Application Settings / Desktop Sync Application
  • Application Settings / Salesforce Application
  • Application Settings / SharePoint Application
  • Application Settings / Windows 8 Application
  • Application Settings / Plugin Application
  • Application Settings / Programs Settings
  • Application Settings / Custom Content Type Settings
  • Application Settings / LiveSend Viewer
  • Application Settings / Microapp Settings
  • Application Settings / Predictive Content
  • Application Settings / Embedded Applications
  • Application Settings / Engagement Center
  • Application Settings / Meeting Settings
  • Application Settings / Digital Sales Room Settings
  • General Settings
  • General Settings / Brand Management
  • General Settings / Custom Properties
  • General Settings / Notification Settings
  • General Settings / Search Settings
  • General Settings / Email Settings
  • General Settings / Content Id Settings
  • General Settings / Font Management
  • General Settings / All TeamSites
  • General Settings / Delivery Options
  • General Settings / Email Design Settings
  • General Settings / Approval Process Settings
  • Manage Apps
  • Manage Apps / My Apps
auditDomains
ignoredAuditDomains
array of strings

Optional list of audit domains to exclude from results. When omitted
or empty, no domains are excluded. When provided, each value must be
a recognized domain name (case-insensitive).

Hierarchy expansion: A parent domain in this list excludes all
its child domains as well. For example, "Security & Permissions / Privacy Management" also excludes all Privacy Management sub-domains.

Exclusion precedence: If the same domain appears in both
auditDomains and ignoredAuditDomains, it is excluded from results.

Accepts the same valid values as auditDomains.

ignoredAuditDomains
actorIds
array of uuids

Optional filter to return only records where the actor matches one
of the provided IDs. When provided, must contain at least one value.

actorIds
string

Optional filter to return only records where the target resource type
matches this value (case-sensitive exact match). Whitespace is trimmed.

string

Optional filter to return only records where the target resource name
matches this value (case-sensitive exact match). Whitespace is trimmed.

impersonatedBy
array of uuids

Optional filter to return only records where the action was performed
via impersonation by one of the provided actor IDs.

impersonatedBy
timeRange
object

Optional Unix-timestamp (milliseconds) time range filter.

pagination
object

Pagination control.

Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

Language
Credentials
Bearer
JWT
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json
application/problem+json