Service updates
For service updates on audit logs, please visit our changelog in the Asana Community Forum here.
Accessing audit log API endpoints
Note that only Service Accounts belonging to organizations on the Asana Enterprise+ tier, as well as legacy tier Legacy Enterprise, can access audit log API endpoints. Authentication with a Service Account's personal access token is required.
Asana's audit log is an immutable log of important events in your organization's Asana instance.
The audit log API allows you to monitor and act upon important security and compliance-related changes. Organizations might use this API endpoint to:
-
Set up proactive alerting with a Security Information and Event Management (SIEM) tool like Splunk
-
Conduct reactive investigations when a security incident takes place
-
Visualize key domain data in aggregate to identify security trends
Note that since the API provides insight into what is happening in an Asana instance, the data is read-only. That is, there are no "write" or "update" endpoints for audit log events.
For a full list of supported events, see supported audit log events.
AuditLogEvent
| Property | Type | Description |
|---|---|---|
gid | string | Globally unique identifier of the AuditLogEvent, as a string. |
created_at | string (date-time) | The time the event was created. |
event_type | string | The type of the event. |
event_category | string | The category that this event_type belongs to. |
actor | object | The entity that triggered the event. Will typically be a user. |
actor.actor_type | string | The type of actor. Can be one of user, asana, asana_support, anonymous, or external_administrator. Values can be: user, asana, asana_support, anonymous, external_administrator. |
actor.gid | string | Globally unique identifier of the actor, if it is a user. |
actor.name | string | The name of the actor, if it is a user. |
actor.email | string | The email of the actor, if it is a user. |
resource | object | The primary object that was affected by this event. |
resource.resource_type | string | The type of resource. |
resource.resource_subtype | string | The subtype of resource. Most resources will not have a subtype. |
resource.gid | string | Globally unique identifier of the resource. |
resource.name | string | The name of the resource. |
resource.email | string | The email of the resource, if applicable. |
details | object | Event specific details. The schema will vary depending on the event_type. |
details.old_value | string | |
details.new_value | string | |
details.group | object | |
context | object | The context from which this event originated. |
context.context_type | string | The type of context. Can be one of web, desktop, mobile, asana_support, asana, email, or api. Values can be: web, desktop, mobile, asana_support, asana, email, api. |
context.api_authentication_method | string | The authentication method used in the context of an API request. Only present if the context_type is api. Can be one of cookie, oauth, personal_access_token, or service_account. Values can be: cookie, oauth, personal_access_token, service_account. |
context.client_ip_address | string | The IP address of the client that initiated the event, if applicable. |
context.user_agent | string | The user agent of the client that initiated the event, if applicable. |
context.oauth_app_name | string | The name of the OAuth App that initiated the event. Only present if the api_authentication_method is oauth. |
context.rule_name | string | The name of the automation rule that initiated the event. |
Example JSON for AuditLogEvent:
{
"gid": "12345",
"created_at": "2021-01-01T00:00:00.000Z",
"event_type": "task_deleted",
"event_category": "deletion",
"actor": {
"actor_type": "user",
"gid": "1111",
"name": "Greg Sanchez",
"email": "gregsanchez@example.com"
},
"resource": {
"resource_type": "task",
"resource_subtype": "milestone",
"gid": "1111",
"name": "Example Task",
"email": "example string"
},
"details": {
"old_value": "example string",
"new_value": "example string",
"group": {}
},
"context": {
"context_type": "web",
"api_authentication_method": "example string",
"client_ip_address": "1.1.1.1",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
"oauth_app_name": "example string",
"rule_name": "When Task is added to this project"
}
}