Get Audit Records

Purpose

This API retrieves audit records for admin activities within the organization.

OAuth Scope

Use the scope

ZohoMail.organization.audit.ALL (or) ZohoMail.organization.audit.READ

to generate the Authtoken.

ALL - Full access to audit.

READ - Read access to audit.

Request URL

Method: GET

https://mail.zoho.com/api/organization/{zoid}/activity

Path Parameters

  • zoid* long
    • This parameter denotes the unique Zoho Organization Identifier for the organization.
    • This parameter can be retrieved from the Get Organization Details API.

 

Query Parameters

  • searchKey string
    • This parameter specifies the criteria for filtering the audit records. 
    • This parameter contains Category, Sub Category, OperationType, performedBy, and performedFor. These criteria are separated by ::, and values are indicated by :.  
      Example searchKey value : category:1003::subCategory:4007::performedFor:user@zylker.com
    • For more details on how to construct SearchKey, refer here.
  • startTime long
    • Specifies the timestamp indicating the start time of the period for which audit records are requested.
    • The value of this parameter should be provided in milliseconds since the Unix epoch (January 1, 1970, 00:00:00 UTC).
  • endTime long
    • Specifies the timestamp indicating the end time of the period for which audit records are requested.
    • The value of this parameter should be provided in milliseconds since the Unix epoch (January 1, 1970, 00:00:00 UTC).
  • limit int
    • Specifies the maximum number of audit records to be returned in the API response.
    • Allowed value: 1-200.
    • The default value is 10.
  • lastEntityId string
    • This parameter represents the identifier of the last audit record retrieved in the previous request. This allows subsequent requests to fetch audit records starting from where the previous request ended.
  • lastIndexTime string
    • This parameter represents the timestamp of the last audit record retrieved in the previous request. This allows subsequent requests to fetch audit records starting from where the previous request ended.

 

* - Mandatory parameter

 

Response Codes

Refer here for the response codes and their meaning.

Sample Request

Copiedcurl "https://mail.zoho.com/api/organization/57047751/activity?searchKey=category:1003::subCategory:4007::performedFor:user@zylker.com&limit=50" \
-X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization:Zoho-oauthtoken ***"

Sample Response

Copied{
  "status": {
    "code": 200,
    "description": "success"
  },
  "data": {
    "lastIndexTime": "1710316191981002",
    "audit": [
      {
        "subCategory": "MAILBOX_USER",
        "data": "{\"peopleInfo\":{},\"emailId\":\"user@zylker.com\"}",
        "type": "ADMIN",
        "requestTime": 1710316191981,
        "performedBy": "admin@zylker.com"
        "auditLogType": "ORGADMIN_AUDIT",
        "clientIp": "172.18.249.197",
        "mainCategory": "Users",
        "operationType": "ADD",
        "performedOn": "user@zylker.com",
        "category": "MAILBOX",
        "operation": "ORG_INFO_ADD",
        "status": "success"
      }
    ],
    "lastEntityId": "1710316191981002_sas@172.18.232.99"
  }
}