Audit log API

🚧

Service updates

For service updates on audit logs, please visit our changelog in the Asana Community Forum here.

📘

Accessing audit log API endpoints

Note that only Service Accounts belonging to organizations on the Asana Enterprise+ tier, as well as legacy tier Legacy Enterprise, can access audit log API endpoints. Authentication with a Service Account's personal access token is required.

Asana's audit log is an immutable log of important events in your organization's Asana instance.

The audit log API allows you to monitor and act upon important security and compliance-related changes. Organizations might use this API endpoint to:

  • Set up proactive alerting with a Security Information and Event Management (SIEM) tool like Splunk

  • Conduct reactive investigations when a security incident takes place

  • Visualize key domain data in aggregate to identify security trends

Note that since the API provides insight into what is happening in an Asana instance, the data is read-only. That is, there are no "write" or "update" endpoints for audit log events.

For a full list of supported events, see supported audit log events.


AuditLogEvent

An object representing a single event within an Asana domain.

Every audit log event is comprised of an event_type, actor, resource, and context. Some events will include additional metadata about the event under details. See our currently supported list of events for more details.

PropertyTypeDescription
gidstringGlobally unique identifier of the AuditLogEvent, as a string.
actorobjectThe entity that triggered the event. Will typically be a user
actor.actor_typestringThe type of actor. Can be one of user, asana, asana_support, anonymous, or external_administrator.
actor.emailstringThe email of the actor, if it is a user.
actor.gidstringGlobally unique identifier of the actor, if it is a user.
actor.namestringThe name of the actor, if it is a user.
contextobjectThe context from which this event originated.
api_authentication_methodstringThe authentication method used in the context of an API request. Only present if the context_type is api. Can be one of cookie, oauth, personal_access_token, or service_account.
client_ip_addressstringThe IP address of the client that initiated the event, if applicable.
context_typestringThe type of context. Can be one of web, desktop, mobile, asana_support, asana, email, or api.
oauth_app_namestringThe name of the OAuth App that initiated the event. Only present if the api_authentication_method is oauth.
user_agentstringThe user agent of the client that initiated the event, if applicable.
created_atstring(date-time)The time the event was created.
detailsobjectEvent-specific details. The schema will vary depending on the event_type.
event_categorystringThe category that this event_type belongs to.
event_typestringThe type of the event.
resourceobject¦nullThe primary object that was affected by this event.
resource.emailstringThe email of the resource, if applicable.
resource.gidstringGlobally unique identifier of the resource.
resource.namestringThe name of the resource.
resource.resource_subtypestringThe subtype of resource. Most resources will not have a subtype.
resource.resource_typeresource_type stringThe type of resource.
{
  "gid": "12345",
  "actor": {
    "actor_type": "user",
    "email": "[email protected]",
    "gid": "1111",
    "name": "Greg Sanchez"
  },
  "context": {
    "api_authentication_method": "cookie",
    "client_ip_address": "1.1.1.1",
    "context_type": "web",
    "oauth_app_name": "string",
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
  },
  "created_at": "2021-01-01T00:00:00.000Z",
  "details": {},
  "event_category": "deletion",
  "event_type": "task_deleted",
  "resource": {
    "email": "string",
    "gid": "1111",
    "name": "Example Task",
    "resource_subtype": "milestone",
    "resource_type": "task"
  }
}