Service updates
For service updates on audit logs, please visit our changelog in the Asana Community Forum here.
Accessing audit log API endpoints
Note that only Service Accounts belonging to organizations on the Asana Enterprise+ tier, as well as legacy tier Legacy Enterprise, can access audit log API endpoints. Authentication with a Service Account's personal access token is required.
Asana's audit log is an immutable log of important events in your organization's Asana instance.
The audit log API allows you to monitor and act upon important security and compliance-related changes. Organizations might use this API endpoint to:
-
Set up proactive alerting with a Security Information and Event Management (SIEM) tool like Splunk
-
Conduct reactive investigations when a security incident takes place
-
Visualize key domain data in aggregate to identify security trends
Note that since the API provides insight into what is happening in an Asana instance, the data is read-only. That is, there are no "write" or "update" endpoints for audit log events.
For a full list of supported events, see supported audit log events.
AuditLogEvent
An object representing a single event within an Asana domain.
Every audit log event is comprised of an event_type, actor, resource, and context. Some events will include additional metadata about the event under details. See our currently supported list of events for more details.
| Property | Type | Description |
|---|---|---|
gid | string | Globally unique identifier of the AuditLogEvent, as a string. |
actor | object | The entity that triggered the event. Will typically be a user |
actor.actor_type | string | The type of actor. Can be one of user, asana, asana_support, anonymous, or external_administrator. |
actor.email | string | The email of the actor, if it is a user. |
actor.gid | string | Globally unique identifier of the actor, if it is a user. |
actor.name | string | The name of the actor, if it is a user. |
context | object | The context from which this event originated. |
context.api_authentication_method | string | The authentication method used in the context of an API request. Only present if the context_type is api. Can be one of cookie, oauth, personal_access_token, or service_account. |
context.client_ip_address | string | The IP address of the client that initiated the event, if applicable. |
context.context_type | string | The type of context. Can be one of web, desktop, mobile, asana_support, asana, email, or api. |
context.oauth_app_name | string | The name of the OAuth App that initiated the event. Only present if the api_authentication_method is oauth. |
context.rule_name | string | The name of the automation rule that initiated the event. |
context.user_agent | string | The user agent of the client that initiated the event, if applicable. |
created_at | string(date-time) | The time the event was created. |
details | object | Event-specific details. The schema will vary depending on the event_type. |
details.group | object | The group value. |
details.new_value | string¦null | The old value of the resource. |
details.old_value | string¦null | The new value of the resource. |
event_category | string | The category that this event_type belongs to. |
event_type | string | The type of the event. |
resource | object¦null | The primary object that was affected by this event. |
resource.email | string | The email of the resource, if applicable. |
resource.gid | string | Globally unique identifier of the resource. |
resource.name | string | The name of the resource. |
resource.resource_subtype | string | The subtype of resource. Most resources will not have a subtype. |
resource.resource_type | resource_type string | The type of resource. |
{
"gid": "12345",
"actor": {
"actor_type": "user",
"email": "[email protected]",
"gid": "1111",
"name": "Greg Sanchez"
},
"context": {
"api_authentication_method": "cookie",
"client_ip_address": "1.1.1.1",
"context_type": "web",
"oauth_app_name": "string",
"rule_name": "When Task is added to this project",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
},
"created_at": "2021-01-01T00:00:00.000Z",
"details": {},
"event_category": "deletion",
"event_type": "task_deleted",
"resource": {
"email": "string",
"gid": "1111",
"name": "Example Task",
"resource_subtype": "milestone",
"resource_type": "task"
}
}