Audit Logs

Advanced event logging, auditing, and exporting for IT admins

Enterprise-grade compliance with a customizable, strongly-typed, exportable audit logging solution.

Audit Logs
Filter logs by Actors, Events, Targets, and Dates
Actor
Action
Date and time
Lily Ari
lily@foo-corp.com  •  64.411.12.22
team.user_added
user, team
May 25, 2022
4:44:23pm GMT-6
Patrick Robertson
patrick@foo-corp.com  •  76.218.31.172
video.viewed
user, video
May 25, 2022
4:42:10pm GMT-6
Lily Ari
lily@foo-corp.com  •  64.411.12.22
user.logged_in
user
May 25, 2022
4:42:05pm GMT-6
System
Automated clean up job
video.deleted
video
May 25, 2022
4:31:12pm GMT-6
Ava James
ava@foo-corp.com  •  150.86.222.114
team.join_request_approved
user, team
May 25, 2022
4:28:42pm GMT-6
Ava James
ava@foo-corp.com  •  150.86.222.114
team.join_request_created
user, team
May 25, 2022
4:27:23pm GMT-6
Ava James
ava@foo-corp.com  •  150.86.222.114
user.logged_in
user
May 25, 2022
4:25:31pm GMT-6
System
Automated clean up job
video.deleted
video
May 25, 2022
4:18:11pm GMT-6
Anonymous User
94.171.151.3
video.viewed
user, video
May 25, 2022
4:10:29pm GMT-6
Lily Ari
lily@foo-corp.com  •  64.411.12.22
team.joined
user, team
May 25, 2022
4:44:23pm GMT-6
team.user_added
A user was added to the team
team.billing_info_added
Billing info has been added to a team
user.account_created
A new user was created
team.user_removed
A user was removed from a team
team.admin_added
An admin account was added to team
team.user_added
A user was added to the team
team.billing_info_added
Billing info has been added to a team
user.account_created
A new user was created
team.user_removed
A user was removed from a team
team.admin_added
An admin account was added to team
video.viewed
A video has been viewed by a user
user.account_updated
A user’s properties were updated
video.edited
A video has been edited by a user
user.account_updated
A user’s properties were updated
team.created
A team account has been created
video.viewed
A video has been viewed by a user
user.account_updated
A user’s properties were updated
video.edited
A video has been edited by a user
user.account_updated
A user’s properties were updated
team.created
A team account has been created
user.avatar_edited
A user’s avatar was changed
user.account_created
A new user was created
team.billing_plan_upgraded
A team has upgraded their plan
team.website_url_edited
A team’s website has changed
team.user_removed
A user was removed from a team
user.avatar_edited
A user’s avatar was changed
user.account_created
A new user was created
team.billing_plan_upgraded
A team has upgraded their plan
team.website_url_edited
A team’s website has changed
team.user_removed
A user was removed from a team

A world-class audit log in minutes

1

Define events

Use the WorkOS Dashboard to define the actions, targets, and metadata that you want to record from your app.

2

Send event data

With a few lines of code, use our SDK to send actions, targets, and metadata from your app to the Audit Log API.

3

View and export logs

Audit Logs are available to you in the WorkOS Dashboard and to your customers through a private URL.

Define events

A robust developer-friendly interface allows you to quickly add the events you want to track, give the action a name, assign target types to each event, and define a schema for any custom metadata you wish to attach to each event.

Using the JSON schema editor, you can enforce strongly-typed metadata to ensure your app is sending consistently structured and valid event data into your audit log.

Send events

Use one of our SDKs (available in Node.js, Ruby, Python, PHP, Go, .NET, and more) to quickly start sending event data from your application to the WorkOS Audit Log API.

Store your own custom metadata (key:value pairs) on the event object, the actor, or any target associated with the event.

View and export logs

With a quick and robust filtering engine, we made searching, viewing, and exporting audit log data a breeze — allowing you to focus on building the more critical features of your app.

Preparing CSV for download
CSV export is ready for download
audit_logs_export.csv

Stream Audit Logs to your customer’s existing SIEM provider

Give your customers enhanced log management with streaming logs. The best part? They can set it up themselves with their existing SIEM provider directly from the WorkOS Admin Portal.

Create events and attach custom metadata

Create audit log events at any point in your application lifecycle, attach your own metadata, and optionally validate against a JSON schema.


// Emit an Audit Log event
// using the ID from an Organization

import WorkOS from '@workos-inc/node';

const workos = new WorkOS('sk_example_123456');

await workos.auditLogs.createEvent('org_01EHWNCE74X7JSDV0X3SZ3KJNY', {
  action: 'user.signed_in',
  occurred_at: new Date(),
  actor: {
    type: 'user',
    id: 'user_01GBNJC3MX9ZZJW1FSTF4C5938',
  },
  targets: [
    {
      type: 'team',
      id: 'team_01GBNJD4MKHVKJGEWK42JNMBGS',
    },
  ],
  context: {
    location: '123.123.123.123',
    user_agent: 'Chrome/104.0.0.0',
  },
});

# Emit an Audit Log event
# using the ID from an Organization

require "workos"
WorkOS.key = "sk_example_123456"
event = {
  action: "user.signed_in",
  occurred_at: "2022-09-08T19:46:03.435Z",
  actor: {
    id: "user_01GBNJC3MX9ZZJW1FSTF4C5938",
    type: "user"
  },
  targets: [
    {
      id: "team_01GBNJD4MKHVKJGEWK42JNMBGS",
      type: "team"
    }
  ],
  context: {
    location: "1.1.1.1",
    user_agent: "Chrome/104.0.0.0"
  }
}
WorkOS::AuditLogs.create_event(
  organization: "org_01EHWNCE74X7JSDV0X3SZ3KJNY",
  event: event
)

# Emit an Audit Log event
# using the ID from an Organization

from datetime import datetime

from workos import client
import workos

workos.api_key = "sk_example_123456"

organization_id = "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
event = {
    "action": "user.signed_in",
    "occurred_at": datetime.now().isoformat(),
    "actor": {
        "type": "user",
        "id": "user_01GBNJC3MX9ZZJW1FSTF4C5938",
        "metadata": {
            "role": "admin",
        },
    },
    "targets": [
        {
            "type": "team",
            "id": "team_01GBNJD4MKHVKJGEWK42JNMBGS",
            "metadata": {
                "owner": "user_01GBTCQ2MZG9C87R7NAQZZS7M6",
            },
        },
    ],
    "context": {
        "location": "123.123.123.123",
        "user_agent": "Chrome/104.0.0.0",
    },
}
idempotency_key = "884793cd-bef4-46cf-8790-ed49257a09c6"

client.create_event(organization_id, event, idempotency_key)

// Emit an Audit Log event
// using the ID from an Organization

package main

import (
	"context"
	"github.com/workos/workos-go/pkg/auditlogs"
	"time"
)

func main() {
	auditlogs.SetAPIKey("sk_example_123456789")

	err := auditlogs.CreateEvent(context.TODO(), auditlogs.AuditLogEventOpts{
		Organization: "org_01EHWNCE74X7JSDV0X3SZ3KJNY",
		Event: auditlogs.Event{
			Action:     "user.signed_in",
			OccurredAt: time.Now(),
			Actor: auditlogs.Actor{
				Id:   "user_01GBNJC3MX9ZZJW1FSTF4C5938",
				Type: "user",
			},
			Targets: []auditlogs.Target{
				{Id: "team_01GBNJD4MKHVKJGEWK42JNMBGS", Type: "team"},
			},
			Context: auditlogs.Context{
				Location:  "123.123.123.123",
				UserAgent: "Chrome/104.0.0.0",
			},
		},
	})
	if err != nil {
		// Handle error.
	}
}

// Emit an Audit Log event
// using the ID from an Organization

auditLogs = new WorkOS\AuditLogs();

$auditLogEvent = [
    "action" => "user.signed_in",
    "occurred_at" => time(),
    "version" => 1,
    "actor" => [
        "id" => "user_123",
        "type" => "user",
        "name" => "Jon Smith",
        "metadata" => [
          "role" => "admin"
        ],
    ],
    "targets" => [
        [
            "id" => "user_123",
            "type" => "user",
            "name" => "Jon Smith"
        ],
        [
            "id" => "user_123",
            "type" => "team",
            "metadata" => [
              "extra" => "data",
            ],
        ],
    ],
    "context" => [
        "location" => "1.1.1.1",
        "user_agent" => "Chrome/104.0.0.0",
    ],
    "metadata" => [
        "extra" => "data",
    ],
];

$idempotencyKey = "884793cd-bef4-46cf-8790-ed49257a09c6";

$this->auditLogs->createEvent("org_01EHWNCE74X7JSDV0X3SZ3KJNY", $auditLogEvent, $idempotencyKey);

// Emit an Audit Log event
// using the ID from an Organization

import com.workos.WorkOS;
import com.workos.auditlogs.AuditLogsApi.CreateAuditLogEventOptions;
import java.util.Date;

WorkOS workos = new WorkOS("sk_example_123456");

CreateAuditLogEventOptions options =
    CreateAuditLogEventOptions.builder()
        .action("user.signed_in")
        .occurredAt(new Date())
        .actor("user_01GBNJC3MX9ZZJW1FSTF4C5938", "user")
        .target("team_01GBNJD4MKHVKJGEWK42JNMBGS", "team")
        .context("123.123.123.123", "Chrome/104.0.0.0")
        .build();

workos.auditLogs.createEvent("org_01EHWNCE74X7JSDV0X3SZ3KJNY", options);







// Emit an Audit Log event
// using the ID from an Organization

WorkOS.SetApiKey("sk_example_123456789");

var service = new AuditLogsService();

var auditLogEvent = new AuditLogEvent {
    Action = "user.signed_in",
    OccurredAt = DateTime.Now,
    Actor =
        new AuditLogEventActor {
            Id = "user_01GBNJC3MX9ZZJW1FSTF4C5938",
            Type = "user",
        },
    Targets =
        new List<AuditLogEventTarget>() {
            new AuditLogEventTarget {
                Id = "team_01GBNJD4MKHVKJGEWK42JNMBGS",
                Type = "team",
            },
        },
    Context =
        new AuditLogEventContext {
            Location = "123.123.123.123",
            UserAgent = "Chrome/104.0.0.0",
        },
};

service.CreateEvent("org_01EHWNCE74X7JSDV0X3SZ3KJNY", auditLogEvent);

curl --request POST \
  --url https://api.workos.com/audit_logs/events \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --header "Idempotency-Key: 884793cd-bef4-46cf-8790-e3d4957a09ce" \
  -d @- <<BODY
  {
    "organization_id": "org_01EHWNCE74X7JSDV0X3SZ3KJNY",
    "event": {
      "action": "user.signed_in",
      "occurred_at": "2022-09-02T16:35:39.317Z",
      "version": 1,
      "actor": {
        "type": "user",
        "id": "user_id",
        "name": "Jon Smith",
        "metadata": {
          "role": "admin"
        }
      },
      "targets": [
        {
          "type": "user",
          "id": "user_id",
          "name": "Jon Smith"
        },
        {
          "type": "team",
          "id": "team_id",
          "metadata": {
            "extra": "data"
          }
        }
      ],
      "context": {
        "location": "1.1.1.1",
        "user_agent": "Chrome/104.0.0.0"
      },
      "metadata": {
        "extra": "data"
      }
    }
  }
BODY
  • Attach events to different actor types

    Choose between user, anonymous, and system actor types to fit your usecase.
  • Assign targets to each event

    Specify which object types in your application that a certain event is associated with.
  • Add custom metadata

    Custom metadata can be added to the top-level event, the actor, or any targets associated.
  • Type-check with JSON schema validation

    Ensure any event data sent by your app is structured and typed correctly.

Transparent pricing

Give your enterprise customers advanced event logging, auditing, exporting, and streaming to SIEM providers.

STARTS AT
$
5
per organization
/ month
View available add-ons
included at no charge
  • CSV export
  • 30 day data retention
  • UIs for searching and filtering events

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.