🚧
Service updates
For service updates on audit logs, please visit our changelog in the Asana Community Forum here.

📘
Accessing audit log API endpoints
Note that only Service Accounts belonging to organizations on the Asana Enterprise+ tier, legacy tier Legacy Enterprise, or an Enterprise domain with the Compliance Management Add-on can access audit log API endpoints. Authentication with a Service Account Token is required.

Asana's audit log is an immutable log of important events in your organization's Asana instance.

The audit log API allows you to monitor and act upon important security and compliance-related changes. Organizations might use this API endpoint to:

Set up proactive alerting with a Security Information and Event Management (SIEM) tool like Splunk
Conduct reactive investigations when a security incident takes place
Visualize key domain data in aggregate to identify security trends

Note that since the API provides insight into what is happening in an Asana instance, the data is read-only. That is, there are no "write" or "update" endpoints for audit log events.

For a full list of supported events, see supported audit log events.

AuditLogEvent

Property	Type	Description
`gid`	string	Globally unique identifier of the `AuditLogEvent`, as a string.
`created_at`	string (date-time)	The time the event was created.
`event_type`	string	The type of the event.
`event_category`	string	The category that this `event_type` belongs to.
`actor`	object	The entity that triggered the event. Will typically be a user.
`actor.actor_type`	string	The type of actor. Can be one of `user`, `asana`, `asana_support`, `anonymous`, or `external_administrator`. Click to show all enum values `anonymous` `asana` `asana_support` `external_administrator` `user`
`actor.gid`	string	Globally unique identifier of the actor, if it is a user.
`actor.name`	string	The name of the actor, if it is a user.
`actor.email`	string	The email of the actor, if it is a user.
`resource`	object	The primary object that was affected by this event.
`resource.resource_type`	string	The type of resource.
`resource.resource_subtype`	string	The subtype of resource. Most resources will not have a subtype.
`resource.gid`	string	Globally unique identifier of the resource.
`resource.name`	string	The name of the resource.
`resource.email`	string	The email of the resource, if applicable.
`details`	object	Event specific details. The schema will vary depending on the `event_type`.
`details.old_value`	string	The previous value of the field that was modified in the audited event.
`details.new_value`	string	The new value after the modification in the audited event.
`details.group`	object	The division or organizational unit where the event occurred. Primarily used to scope role change events (e.g., `user_division_admin_role_changed`), but may appear in other contexts involving group-level changes.
`details.saml_response`	string	The response received from the IdP when a user logs in with SAML SSO. Present on `user_login_failed` and `user_login_succeeded` events.
`context`	object	The context from which this event originated.
`context.context_type`	string	The type of context. Can be one of `web`, `desktop`, `mobile`, `asana_support`, `asana`, `email`, or `api`. Click to show all enum values `api` `asana` `asana_support` `desktop` `email` `mobile` `web`
`context.api_authentication_method`	string	The authentication method used in the context of an API request. Only present if the `context_type` is `api`. Can be one of `cookie`, `oauth`, `personal_access_token`, or `service_account`. Click to show all enum values `cookie` `oauth` `personal_access_token` `service_account`
`context.client_ip_address`	string	The IP address of the client that initiated the event, if applicable.
`context.user_agent`	string	The user agent of the client that initiated the event, if applicable.
`context.oauth_app_name`	string	The name of the OAuth App that initiated the event. Only present if the `api_authentication_method` is `oauth`.
`context.rule_name`	string	The name of the automation rule that initiated the event.
`context.on_behalf_of_user_id`	integer	The ID of the user who requested a change via support.

Example JSON for AuditLogEvent:

{
  "gid": "12345",
  "created_at": "2021-01-01T00:00:00.000Z",
  "event_type": "task_deleted",
  "event_category": "deletion",
  "actor": {
    "actor_type": "user",
    "gid": "1111",
    "name": "Greg Sanchez",
    "email": "gregsanchez@example.com"
  },
  "resource": {
    "resource_type": "task",
    "resource_subtype": "milestone",
    "gid": "1111",
    "name": "Example Task",
    "email": "example string"
  },
  "details": {
    "old_value": "example string",
    "new_value": "example string",
    "group": {},
    "saml_response": "example string"
  },
  "context": {
    "context_type": "web",
    "api_authentication_method": "example string",
    "client_ip_address": "1.1.1.1",
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
    "oauth_app_name": "example string",
    "rule_name": "When Task is added to this project",
    "on_behalf_of_user_id": 12345
  }
}

See also

See also