Audit Log API

Accessing the API via Command Line

1. Find your organization ID and project ID in the LogRocket platform. Create an API key under Settings > API Keys.
2. Replace the placeholders in the following command with the appropriate information and submit the curl request.

curl ‘https://api.logrocket.com/v1/orgs/<your-organization-id>/apps/<your-project-id>/audit/logs/?limit=10&cursor=1530651654308’ -H ‘Authorization: token <your-api-key>’

Format of the Returned Data

Fields:

• has_next: True if there are more audit logs with timestamps greater than those returned in the original request.
• cursor: The timestamp that should be used for subsequent requests to get the next page of audit logs.
  • You can treat your initial cursor as a timestamp (logs returned will be greater than or equal to that time), but please treat subsequent cursors as opaque page references (this is in case we need to tie break same-ms logs).
• user: ID (email or system ID) of the user that performed the action described in the log.
• action: Title of the action the log is describing.
• description:
  • For "Viewed Session" logs: the ID of the session that was viewed. To reconstitute a session url from these use the following format: https://app.logrocket.com/<org>/<app>/s/<description>
  • All other actions taken by admins and non-admins are simple strings describing the action.

{
  "has_next": true,
  "cursor": 1706906952000,
  "logs": [
    {
      "time": "02/02/24 08:48PM",
      "created_date": "2024-02-02T20:48:40.376852Z",
      "user": "[email protected]",
      "action": "Viewed session",
      "description": "1-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/1"
    },
    ... more logs ...
  ]
}

If there are more logs it’ll return you a next cursor and set has_next to true. You can treat your initial cursor as a timestamp (logs returned will be gte that time), but please treat subsequent cursors as opaque page references (this is in case we need to tie break same-ms logs)