The Audit Logs API exports audit events for security monitoring, compliance reporting, and operational oversight. ## Prerequisites - Access to an Organization API key. - An Organization Secret Key from Amplitude Support. - Your Organization ID. ## Retrieve audit events To retrieve audit events and export them to a SIEM or internal workflow: 1. Contact Amplitude Support, provide your Organization ID, and request an Organization Secret Key. 2. Locate your Organization API key in _Organization settings > API Keys_. 3. Send a request to `POST https://amplitude.com/api/2/audit-logs/{ORG_ID}` using Basic authentication with your Organization API key and Organization Secret Key. Amplitude returns audit events for the organization in the response. ### Example request ```bash curl -X POST "https://amplitude.com/api/2/audit-logs/76273" \ -H "Authorization: Basic Base64" \ -H "Content-Type: application/json" \ -d '{ "start_date": "2026-01-01T00:00:00Z", "end_date": "2026-01-10T23:59:59Z", "filters": { "domain": "auth", "feature": "auth", "action": "login" }, "pagination": { "limit": 100 } }' ``` #### Required parameters | Parameter | Type | Required | Description | |---|---|---|---| | `start_date` | String | Yes | Start of the date range in ISO 8601 format. | | `end_date` | String | Yes | End of the date range in ISO 8601 format. | All other fields are optional and refine the query. The maximum query range is 30 days. Amplitude retains audit data for 90 days. ## Common use cases ### Integrate with a SIEM Export audit events to your SIEM to monitor administrative activity and detect anomalous access patterns. ### Support compliance reporting Collect audit events to support compliance workflows, such as SOC 2, ISO 27001, and HIPAA reporting. ### Investigate security incidents Review audit events to trace administrative actions and support forensic investigations. ## Common questions ### How to get an Organization Secret Key Contact Amplitude Support and provide your Organization ID. Amplitude Support issues the Organization Secret Key. ### Is an EU endpoint available? No. The Audit Logs API uses `https://amplitude.com` for all requests, including EU organizations. ## Related resources - [Manage your API keys and secret keys](/docs/admin/account-management/manage-your-api-keys-and-secret-keys) - [API authentication](/docs/apis/authentication) - [Keys and tokens](/docs/apis/keys-and-tokens)