Skip to main content
 

 

We've recently moved some of the REST API documentation. If you can't find what you're looking for, you might try the Actions REST API page.

Audit log

Get the audit log for an enterprise

Gets the audit log for an enterprise. To use this endpoint, you must be an enterprise admin, and you must use an access token with the admin:enterprise scope.

Parameters

Headers
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
enterprisestringRequired

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Query parameters
phrasestring

A search phrase. For more information, see Searching the audit log.

includestring

The event types to include:

  • web - returns web (non-Git) events.
  • git - returns Git events.
  • all - returns both web and Git events.

The default is web.

Can be one of: web, git, all

afterstring

A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.

beforestring

A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.

orderstring

The order of audit log events. To list newest events first, specify desc. To list oldest events first, specify asc.

The default is desc.

Can be one of: desc, asc

pageinteger

Page number of the results to fetch.

Default: 1

per_pageinteger

The number of results per page (max 100).

Default: 30

HTTP response status codes

Status codeDescription
200

OK

Code samples

get/enterprises/{enterprise}/audit-log
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200
[ { "@timestamp": 1606929874512, "action": "team.add_member", "actor": "octocat", "created_at": 1606929874512, "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw", "org": "octo-corp", "team": "octo-corp/example-team", "user": "monalisa" }, { "@timestamp": 1606507117008, "action": "org.create", "actor": "octocat", "created_at": 1606507117008, "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ", "org": "octocat-test-org" }, { "@timestamp": 1605719148837, "action": "repo.destroy", "actor": "monalisa", "created_at": 1605719148837, "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw", "org": "mona-org", "repo": "mona-org/mona-test-repo", "visibility": "private" } ]