On this page

Audit Logs API

The Audit Logs API exports audit events for security monitoring, compliance reporting, and operational oversight.

Prerequisites

  • Access to an Organization API key.
  • An Organization Secret Key from Amplitude Support.
  • Your Organization ID.

Retrieve audit events

To retrieve audit events and export them to a SIEM or internal workflow:

  1. Contact Amplitude Support, provide your Organization ID, and request an Organization Secret Key.
  2. Locate your Organization API key in Organization settings > API Keys.
  3. Send a request to POST https://amplitude.com/api/2/audit-logs/{ORG_ID} using Basic authentication with your Organization API key and Organization Secret Key.

Amplitude returns audit events for the organization in the response.

Example request

bash
curl -X POST "https://amplitude.com/api/2/audit-logs/76273" \
  -H "Authorization: Basic Base64<ORG_API_KEY:ORG_SECRET_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "start_date": "2026-01-01T00:00:00Z",
    "end_date": "2026-01-10T23:59:59Z",
    "filters": {
      "domain": "auth",
      "feature": "auth",
      "action": "login"
    },
    "pagination": {
      "limit": 100
    }
  }'

Required parameters

ParameterTypeRequiredDescription
start_dateStringYesStart of the date range in ISO 8601 format.
end_dateStringYesEnd of the date range in ISO 8601 format.

All other fields are optional and refine the query. The maximum query range is 30 days. Amplitude retains audit data for 90 days.

Common use cases

Integrate with a SIEM

Export audit events to your SIEM to monitor administrative activity and detect anomalous access patterns.

Support compliance reporting

Collect audit events to support compliance workflows, such as SOC 2, ISO 27001, and HIPAA reporting.

Investigate security incidents

Review audit events to trace administrative actions and support forensic investigations.

Common questions

How to get an Organization Secret Key

Contact Amplitude Support and provide your Organization ID. Amplitude Support issues the Organization Secret Key.

Is an EU endpoint available?

No. The Audit Logs API uses https://amplitude.com for all requests, including EU organizations.

Was this helpful?