Audit logs - Cloudflare TypeScript SDK

The Audit Logs API provides access to account-level audit logs, allowing you to track changes and actions performed on your Cloudflare account.

List audit logs

Retrieve a list of audit logs for an account. You can filter by who made the change, which zone was affected, and the timeframe.

for await (const log of client.auditLogs.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  since: '2024-01-01T00:00:00Z',
  direction: 'desc'
})) {
  console.log(log.action?.type, log.actor?.email, log.when);
}

account_id

string

required

Account identifier

string

Find a specific log by its ID

action

object

Filter by action

Show child attributes

type

string

Filter by the action type (e.g., “create”, “update”, “delete”)

actor

object

Filter by actor who performed the action

Show child attributes

string

Filter by the email address of the actor that made the change

string

Filter by the IP address of the request that made the change (supports CIDR ranges)

zone

object

Filter by zone

Show child attributes

name

string

Filter by the name of the zone associated with the change

since

string

Limits results to logs newer than the specified date (RFC3339 format)

before

string

Limits results to logs older than the specified date (RFC3339 format)

direction

string

Changes the direction of chronological sortingOptions: desc | asc

page

number

Page number for pagination

per_page

number

Number of items per page (default: 25, max: 1000)

hide_user_logs

boolean

Indicates whether to hide user level audit logs

export

boolean

Indicates that this request is an export of logs in CSV format

Response fields

string

A string that uniquely identifies the audit log

when

string

A UTC RFC3339 timestamp that specifies when the action occurred

action

object

Information about the action performed

Show child attributes

type

string

A short string describing the action performed

result

boolean

Indicates if the action was successful

actor

object

Information about who performed the action

Show child attributes

string

The ID of the actor (e.g., User ID)

string

The email of the user that performed the action

string

The IP address of the request

type

string

The type of actor: user, admin, or Cloudflare

resource

object

Information about the resource that was affected

Show child attributes

string

An identifier for the resource

type

string

The type of resource

owner

object

The owner of the resource

Show child attributes

string

Owner identifier

interface

string

The source of the event (e.g., “API”, “Dashboard”)

metadata

unknown

An object providing additional context to the action being logged. This is a flexible value that varies between actions

newValue

string

The new value of the resource that was modified

oldValue

string

The value of the resource before it was modified

Example response

{
  "id": "f1234567-89ab-cdef-0123-456789abcdef",
  "when": "2024-03-15T14:32:10Z",
  "action": {
    "type": "zone_setting_update",
    "result": true
  },
  "actor": {
    "id": "a1234567890bcdef1234567890abcdef",
    "email": "user@example.com",
    "ip": "192.0.2.1",
    "type": "user"
  },
  "resource": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "type": "zone"
  },
  "interface": "API",
  "metadata": {
    "zone_name": "example.com"
  }
}

Documentation Index

​List audit logs

​Response fields

​Example response

List audit logs

Response fields

Example response