> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hanko.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Get a list of audit logs



## OpenAPI

````yaml openapi-admin get /audit_logs
openapi: 3.0.3
info:
  version: 1.2.0
  title: Hanko Admin API
  description: >
    ## Introduction


    This is the OpenAPI specification for the [Hanko Admin
    API](https://github.com/teamhanko/hanko/blob/main/backend/README.md#start-private-api).


    ## Authentication


    The Admin API must be protected by an access management system.


    ---
  contact:
    email: developers@hanko.io
  license:
    name: AGPL-3.0-or-later
    url: https://www.gnu.org/licenses/agpl-3.0.txt
servers:
  - url: https://{tenant_id}.hanko.io/admin
    variables:
      tenant_id:
        default: ''
        description: The (UU)ID of a tenant. Replace the default value with your tenant ID.
security: []
externalDocs:
  description: More about Hanko
  url: https://github.com/teamhanko/hanko
paths:
  /audit_logs:
    get:
      tags:
        - Audit Logs
      summary: Get a list of audit logs
      operationId: listAuditLogs
      parameters:
        - in: query
          name: page
          schema:
            type: integer
            default: 1
          description: The page which should be returned
        - in: query
          name: per_page
          schema:
            type: integer
            default: 20
          description: The number of returned items
        - in: query
          name: start_time
          schema:
            type: string
            example: '2022-09-12T12:48:48.000Z'
          description: Date and time from which the logs are included
        - in: query
          name: end_time
          schema:
            type: string
            example: '2022-09-15T12:48:48.000Z'
          description: Date and time to which the logs are included
        - in: query
          name: actor_user_id
          schema:
            allOf:
              - $ref: '#/components/schemas/UUID4'
            example: c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c
          description: Only audit logs with the specified user_id are included
        - in: query
          name: actor_email
          schema:
            type: string
            format: email
            example: example@example.com
          description: Only audit logs with the specified email are included
        - in: query
          name: meta_source_ip
          schema:
            oneOf:
              - type: string
                format: ipv4
              - type: string
                format: ipv6
            example: 127.0.0.1
          description: Only audit logs with the specified ip address are included
        - in: query
          name: q
          schema:
            type: string
            example: example.com
          description: >-
            Only audit logs are included when the search string matches values
            in meta_source_ip or actor_user_id or actor_email
        - in: query
          name: type
          schema:
            type: array
            items:
              allOf:
                - $ref: '#/components/schemas/AuditLogTypes'
            example: user_created
          style: form
          explode: true
          description: Only audit logs with the specified type are included
      responses:
        '200':
          description: Details about audit logs
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/AuditLog'
          headers:
            X-Total-Count:
              $ref: '#/components/headers/X-Total-Count'
            Link:
              $ref: '#/components/headers/Link'
        '500':
          $ref: '#/components/responses/InternalServerError'
      security:
        - BearerApiKeyAuth: []
components:
  schemas:
    UUID4:
      type: string
      format: uuid4
      example: c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c
    AuditLogTypes:
      description: The type of the audit log
      type: string
      enum:
        - user_logged_out
        - password_set_succeeded
        - password_set_failed
        - password_login_succeeded
        - password_login_failed
        - passcode_login_init_succeeded
        - passcode_login_init_failed
        - passcode_login_final_succeeded
        - passcode_login_final_failed
        - webauthn_registration_init_succeeded
        - webauthn_registration_init_failed
        - webauthn_registration_final_succeeded
        - webauthn_registration_final_failed
        - webauthn_authentication_init_succeeded
        - webauthn_authentication_init_failed
        - webauthn_authentication_final_succeeded
        - webauthn_authentication_final_failed
        - webauthn_credential_updated
        - webauthn_credential_deleted
        - thirdparty_signup_succeeded
        - thirdparty_signin_succeeded
        - thirdparty_linking_succeeded
        - thirdparty_signin_signup_failed
        - token_exchange_succeeded
        - token_exchange_failed
        - user_created
        - email_created
        - email_verified
        - email_deleted
        - primary_email_changed
        - user_deleted
        - login_success
        - login_failure
        - otp_created
        - passkey_created
        - passkey_deleted
        - security_key_created
        - username_changed
        - username_deleted
        - password_changed
        - password_deleted
    AuditLog:
      type: object
      required:
        - id
        - type
        - meta_http_request_id
        - meta_source_ip
        - meta_user_agent
        - created_at
        - updated_at
      properties:
        id:
          description: The ID of the audit log
          allOf:
            - $ref: '#/components/schemas/UUID4'
        type:
          allOf:
            - $ref: '#/components/schemas/AuditLogTypes'
        error:
          description: A more detailed message why something failed
          type: string
        meta_http_request_id:
          description: The ID of the corresponding http request
          type: string
          example: 0a2xsrhlhiQv49FIpq8KV8uQVq6ky9Bw
        meta_source_ip:
          description: The IP from where the http request came from
          type: string
          format: ip-address
          example: 172.27.0.1
        meta_user_agent:
          description: The user agent from where the http request came from
          type: string
        actor_user_id:
          description: The userID from the actor
          allOf:
            - $ref: '#/components/schemas/UUID4'
        actor_email:
          description: The email from the actor
          type: string
          format: email
        created_at:
          description: Time of creation of the audit log
          type: string
          format: date-time
          example: '2022-09-14T12:15:09.788784Z'
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: integer
          format: int32
        message:
          type: string
  headers:
    X-Total-Count:
      schema:
        type: string
      description: The total count of the requested resource considering query parameter
      example: 1234
    Link:
      schema:
        type: string
      description: Web Linking as described in RFC5988
      example: >-
        <http://localhost:8001/resource?page=1&per_page=10>;
        rel="first",<http://localhost:8001/resource?page=16&per_page=10>;
        rel="last",<http://localhost:8001/resource?page=6&per_page=10>;
        rel="next",<http://localhost:8001/resource?page=4&per_page=10>;
        rel="prev"
  responses:
    InternalServerError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: 500
            message: Internal Server Error
  securitySchemes:
    BearerApiKeyAuth:
      description: >-
        Bearer authentication header of the form `Bearer <token>`, where
        `<token>` is your API key. Must only be used when using Hanko Cloud.
      type: http
      scheme: bearer
      bearerFormat: API Key

````