The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for enterprise audit logs

Use the REST API to retrieve audit logs for an enterprise.

These endpoints only support authentication using a personal access token (classic). For more information, see "Managing your personal access tokens."

Get the audit log for an enterprise

Gets the audit log for an enterprise.

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Get the audit log for an enterprise"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Enterprise administration" business permissions (read)

Parameters for "Get the audit log for an enterprise"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Query parameters
phrase string

A search phrase. For more information, see Searching the audit log.

include string

The event types to include:

  • web - returns web (non-Git) events.
  • git - returns Git events.
  • all - returns both web and Git events.

The default is web.

Can be one of: web, git, all

after string

A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.

before string

A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.

order string

The order of audit log events. To list newest events first, specify desc. To list oldest events first, specify asc.

The default is desc.

Can be one of: desc, asc

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

HTTP response status codes for "Get the audit log for an enterprise"

Status codeDescription
200

OK

Code samples for "Get the audit log for an enterprise"

Request example

get/enterprises/{enterprise}/audit-log
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log

Response

Status: 200
[ { "actor_ip": "88.123.45.123", "from": "pull_requests#merge", "device_cookie": null, "actor": "mona-admin", "actor_id": 7, "repo": "octo-org/octo-repo", "repo_id": 17, "business": "github", "business_id": 1, "org": "octo-org", "org_id": 8, "action": "pull_request.merge", "@timestamp": 1635940599755, "created_at": 1635940599755, "operation_type": "modify", "actor_location": { "country_code": "GB", "country_name": "United Kingdom", "region": "ENG", "region_name": "England", "city": "Louth", "postal_code": "LN11", "location": { "lat": 53.4457, "lon": 0.141 } }, "data": { "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...", "method": "POST", "request_id": "e4dabc4d-ba16-4bca-1234-649be7ae1188", "server_id": "5d17aab5-fd9f-abcd-a820-16bed246441b", "request_category": "other", "controller_action": "merge", "url": "https://example.com/octo-org/octo-repo/pull/1/merge", "client_id": 322299977.1635936, "referrer": "https://example.com/octo-org/octo-repo/pull/1", "actor_session": 1, "pull_request_id": 1, "category_type": "Resource Management" } }, { "actor_ip": "88.123.45.123", "from": "pull_request_review_events#create", "device_cookie": null, "actor": "mona-admin", "actor_id": 7, "business_id": 1, "org_id": 8, "action": "pull_request_review.submit", "@timestamp": 1635940593079, "created_at": 1635940593079, "operation_type": "modify", "actor_location": { "country_code": "GB", "country_name": "United Kingdom", "region": "ENG", "region_name": "England", "city": "Louth", "postal_code": "LN11", "location": { "lat": 53.4457, "lon": 0.141 } }, "data": { "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...", "method": "PUT", "request_id": "c0f63bb7-17b6-4796-940c-12345c5a581b", "server_id": "2abc1234-f651-43e3-9696-e942ad5f8c89", "request_category": "other", "controller_action": "create", "url": "https://example.com/octo-org/octo-repo/pull/1/reviews", "client_id": 322299977.1635936, "referrer": "https://example.com/octo-org/octo-repo/pull/1/files", "actor_session": 1, "spammy": false, "pull_request_id": 1, "body": null, "allowed": true, "id": 1, "state": 40, "issue_id": 1, "review_id": 1, "category_type": "Resource Management" } }, { "actor_ip": "88.123.45.123", "from": "pull_requests#create", "device_cookie": null, "actor": "mona", "actor_id": 9, "user_id": 9, "repo": "octo-org/octo-repo", "repo_id": 17, "business": "github", "business_id": 1, "org": "octo-org", "org_id": 8, "action": "pull_request.create", "@timestamp": 1635940554161, "created_at": 1635940554161, "operation_type": "create", "actor_location": { "country_code": "GB", "country_name": "United Kingdom", "region": "ENG", "region_name": "England", "city": "Louth", "postal_code": "LN11", "location": { "lat": 53.4457, "lon": 0.141 } }, "data": { "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...", "method": "POST", "request_id": "2773abeb-477f-4ebf-a017-f8e8a206c305", "server_id": "796e3115-4ce8-4606-8fd0-99ea57a2e12b", "request_category": "other", "controller_action": "create", "url": "https://example.com/octo-org/octo-repo/pull/create?base=octo-org%3Amain&head=mona%3Apatch-1", "client_id": 386351111.163594, "referrer": "https://example.com/octo-org/octo-repo/compare/main...mona:patch-1", "actor_session": 2, "pull_request_id": 1, "category_type": "Resource Management" } } ]