# Search audit log entries
POST https://app.launchdarkly.com/api/v2/auditlog
Content-Type: application/json
Search your audit log entries. The query parameters let you restrict the results that return by date ranges, or a full-text search query. The request body lets you restrict the results that return by resource specifiers.
LaunchDarkly uses a resource specifier syntax to name resources or collections of resources. To learn more, read [About the resource specifier syntax](https://launchdarkly.com/docs/home/account/role-resources#about-the-resource-specifier-syntax).
Reference: https://launchdarkly.com/docs/api/audit-log/post-audit-log-entries
## OpenAPI Specification
```yaml
openapi: 3.1.0
info:
title: LaunchDarkly REST API
version: 1.0.0
paths:
/api/v2/auditlog:
post:
operationId: post-audit-log-entries
summary: Search audit log entries
description: >
Search your audit log entries. The query parameters let you restrict the
results that return by date ranges, or a full-text search query. The
request body lets you restrict the results that return by resource
specifiers.
LaunchDarkly uses a resource specifier syntax to name resources or
collections of resources. To learn more, read [About the resource
specifier
syntax](https://launchdarkly.com/docs/home/account/role-resources#about-the-resource-specifier-syntax).
tags:
- subpackage_auditLog
parameters:
- name: before
in: query
description: >-
A timestamp filter, expressed as a Unix epoch time in milliseconds.
All entries returned occurred before the timestamp.
required: false
schema:
type: integer
format: int64
- name: after
in: query
description: >-
A timestamp filter, expressed as a Unix epoch time in milliseconds.
All entries returned occurred after the timestamp.
required: false
schema:
type: integer
format: int64
- name: q
in: query
description: >-
Text to search for. You can search for the full or partial name of
the resource.
required: false
schema:
type: string
format: string
- name: limit
in: query
description: >-
A limit on the number of audit log entries that return. Set between
1 and 20. The default is 10.
required: false
schema:
type: integer
format: int64
- name: Authorization
in: header
required: true
schema:
type: string
responses:
'200':
description: Audit log entries response
content:
application/json:
schema:
$ref: '#/components/schemas/AuditLogEntryListingRepCollection'
'400':
description: Invalid request
content:
application/json:
schema:
$ref: '#/components/schemas/InvalidRequestErrorRep'
'401':
description: Invalid access token
content:
application/json:
schema:
$ref: '#/components/schemas/UnauthorizedErrorRep'
'403':
description: Forbidden
content:
application/json:
schema:
$ref: '#/components/schemas/ForbiddenErrorRep'
'429':
description: Rate limited
content:
application/json:
schema:
$ref: '#/components/schemas/RateLimitedErrorRep'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StatementPostList'
servers:
- url: https://app.launchdarkly.com
- url: https://app.launchdarkly.us
components:
schemas:
ActionSpecifier:
type: string
title: ActionSpecifier
StatementPostEffect:
type: string
enum:
- allow
- deny
description: Whether this statement should allow or deny actions on the resources.
title: StatementPostEffect
StatementPost:
type: object
properties:
resources:
type: array
items:
type: string
description: Resource specifier strings
notResources:
type: array
items:
type: string
description: >-
Targeted resources are the resources NOT in this list. The
resources field must be empty to use this field.
actions:
type: array
items:
$ref: '#/components/schemas/ActionSpecifier'
description: Actions to perform on a resource
notActions:
type: array
items:
$ref: '#/components/schemas/ActionSpecifier'
description: >-
Targeted actions are the actions NOT in this list. The
actions field must be empty to use this field.
effect:
$ref: '#/components/schemas/StatementPostEffect'
description: >-
Whether this statement should allow or deny actions on the
resources.
required:
- effect
title: StatementPost
StatementPostList:
type: array
items:
$ref: '#/components/schemas/StatementPost'
title: StatementPostList
Link:
type: object
properties:
href:
type: string
description: The URL of the link
type:
type: string
description: The type of the link
title: Link
UnixMillis:
type: integer
format: int64
title: UnixMillis
ActionIdentifier:
type: string
title: ActionIdentifier
ResourceAccess:
type: object
properties:
action:
$ref: '#/components/schemas/ActionIdentifier'
resource:
type: string
title: ResourceAccess
ResourceKind:
type: string
title: ResourceKind
SubjectDataRep:
type: object
properties:
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
name:
type: string
description: The subject's name
avatarUrl:
type: string
description: The subject's avatar
title: SubjectDataRep
MemberDataRep:
type: object
properties:
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
_id:
type: string
description: The member ID
email:
type: string
description: The member email
firstName:
type: string
description: The member first name
lastName:
type: string
description: The member last name
title: MemberDataRep
TokenSummary:
type: object
properties:
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
_id:
type: string
name:
type: string
description: The name of the token
ending:
type: string
description: The last few characters of the token
serviceToken:
type: boolean
description: Whether this is a service token
title: TokenSummary
AuthorizedAppDataRep:
type: object
properties:
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
_id:
type: string
description: The ID of the authorized application
isScim:
type: boolean
description: Whether the application is authorized through SCIM
name:
type: string
description: The authorized application name
maintainerName:
type: string
description: The name of the maintainer for this authorized application
title: AuthorizedAppDataRep
TargetResourceRep:
type: object
properties:
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
name:
type: string
description: The name of the resource
resources:
type: array
items:
type: string
description: The resource specifier
title: TargetResourceRep
ParentResourceRep:
type: object
properties:
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
name:
type: string
description: The name of the parent resource
resource:
type: string
description: The parent's resource specifier
title: ParentResourceRep
AuditLogEntryListingRep:
type: object
properties:
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
description: The location and content type of related resources
_id:
type: string
description: The ID of the audit log entry
_accountId:
type: string
description: The ID of the account to which this audit log entry belongs
date:
$ref: '#/components/schemas/UnixMillis'
description: Timestamp of the audit log entry
accesses:
type: array
items:
$ref: '#/components/schemas/ResourceAccess'
description: >-
Details on the actions performed and resources acted on in this
audit log entry
kind:
$ref: '#/components/schemas/ResourceKind'
description: The type of resource this audit log entry refers to
name:
type: string
description: The name of the resource this audit log entry refers to
description:
type: string
description: Description of the change recorded in the audit log entry
shortDescription:
type: string
description: Shorter version of the change recorded in the audit log entry
comment:
type: string
description: Optional comment for the audit log entry
subject:
$ref: '#/components/schemas/SubjectDataRep'
description: >-
Details of the subject who initiated the action described in the
audit log entry
member:
$ref: '#/components/schemas/MemberDataRep'
description: >-
Details of the member who initiated the action described in the
audit log entry
token:
$ref: '#/components/schemas/TokenSummary'
description: >-
Details of the access token that initiated the action described in
the audit log entry
app:
$ref: '#/components/schemas/AuthorizedAppDataRep'
description: >-
Details of the authorized application that initiated the action
described in the audit log entry
titleVerb:
type: string
description: The action and resource recorded in this audit log entry
title:
type: string
description: >-
A description of what occurred, in the format member
titleVerb target
target:
$ref: '#/components/schemas/TargetResourceRep'
description: Details of the resource acted upon in this audit log entry
parent:
$ref: '#/components/schemas/ParentResourceRep'
required:
- _links
- _id
- _accountId
- date
- accesses
- kind
- name
- description
- shortDescription
title: AuditLogEntryListingRep
AuditLogEntryListingRepCollection:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/AuditLogEntryListingRep'
description: An array of audit log entries
_links:
type: object
additionalProperties:
$ref: '#/components/schemas/Link'
description: The location and content type of related resources
required:
- items
- _links
title: AuditLogEntryListingRepCollection
InvalidRequestErrorRep:
type: object
properties:
code:
type: string
description: Specific error code encountered
message:
type: string
description: Description of the error
required:
- code
- message
title: InvalidRequestErrorRep
UnauthorizedErrorRep:
type: object
properties:
code:
type: string
description: Specific error code encountered
message:
type: string
description: Description of the error
required:
- code
- message
title: UnauthorizedErrorRep
ForbiddenErrorRep:
type: object
properties:
code:
type: string
description: Specific error code encountered
message:
type: string
description: Description of the error
required:
- code
- message
title: ForbiddenErrorRep
RateLimitedErrorRep:
type: object
properties:
code:
type: string
description: Specific error code encountered
message:
type: string
description: Description of the error
required:
- code
- message
title: RateLimitedErrorRep
securitySchemes:
ApiKey:
type: apiKey
in: header
name: Authorization
```
## SDK Code Examples
```python
import requests
url = "https://app.launchdarkly.com/api/v2/auditlog"
payload = [{ "effect": "allow" }]
headers = {
"Authorization": "",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.json())
```
```javascript
const url = 'https://app.launchdarkly.com/api/v2/auditlog';
const options = {
method: 'POST',
headers: {Authorization: '', 'Content-Type': 'application/json'},
body: '[{"effect":"allow"}]'
};
try {
const response = await fetch(url, options);
const data = await response.json();
console.log(data);
} catch (error) {
console.error(error);
}
```
```go
package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://app.launchdarkly.com/api/v2/auditlog"
payload := strings.NewReader("[\n {\n \"effect\": \"allow\"\n }\n]")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```ruby
require 'uri'
require 'net/http'
url = URI("https://app.launchdarkly.com/api/v2/auditlog")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = ''
request["Content-Type"] = 'application/json'
request.body = "[\n {\n \"effect\": \"allow\"\n }\n]"
response = http.request(request)
puts response.read_body
```
```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;
HttpResponse response = Unirest.post("https://app.launchdarkly.com/api/v2/auditlog")
.header("Authorization", "")
.header("Content-Type", "application/json")
.body("[\n {\n \"effect\": \"allow\"\n }\n]")
.asString();
```
```php
request('POST', 'https://app.launchdarkly.com/api/v2/auditlog', [
'body' => '[
{
"effect": "allow"
}
]',
'headers' => [
'Authorization' => '',
'Content-Type' => 'application/json',
],
]);
echo $response->getBody();
```
```csharp
using RestSharp;
var client = new RestClient("https://app.launchdarkly.com/api/v2/auditlog");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "[\n {\n \"effect\": \"allow\"\n }\n]", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```
```swift
import Foundation
let headers = [
"Authorization": "",
"Content-Type": "application/json"
]
let parameters = [["effect": "allow"]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://app.launchdarkly.com/api/v2/auditlog")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error as Any)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()
```