# Audit Logs API

Programmatically export audit events for security monitoring, compliance, and operational reporting.

Source: https://amplitude.com/docs/apis/audit-logs

---

The Audit Logs API lets you programmatically access and export audit events for security monitoring, compliance reporting, and operational oversight.

## Prerequisites

- Access to an Organization API key.
- An Organization Secret Key from Amplitude Support.
- Your Organization ID.

## Retrieve audit events

Use the Audit Logs API to retrieve audit events and export them to a SIEM or internal workflow.

1. Contact Amplitude Support and request an Organization Secret Key.
2. Provide your Organization ID to Amplitude Support.
3. Locate your Organization API key in *Organization settings > API Keys*.
4. Send a request to the Audit Logs API endpoint: `POST https://amplitude.com/api/2/audit-logs/{ORG_ID}`.
5. Use Basic authentication with your Organization API key and Organization Secret Key.

Amplitude returns audit events for the organization in the response.

### Example request

```bash
# Set ORG_API_KEY and ORG_SECRET_KEY in the environment first.
# -u sends them as a Basic Authorization header (Base64 of "key:secret").
curl -X POST "https://amplitude.com/api/2/audit-logs/76273" \
  -u "${ORG_API_KEY}:${ORG_SECRET_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "start_date": "2026-01-01T00:00:00Z",
    "end_date": "2026-01-10T23:59:59Z",
    "filters": {
      "domain": "auth",
      "feature": "auth",
      "action": "login"
    },
    "pagination": {
      "limit": 100
    }
  }'
```

#### Required parameters

- `start_date` (required): The start of the date range in ISO 8601 format.
- `end_date` (required): The end of the date range in ISO 8601 format.

All other fields are optional and refine your query. The API supports a maximum query range of 30 days, and Amplitude retains data for 90 days.
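
The following is an added example, not code from Amplitude's documentation: it shows how a scheduled SIEM export can clamp a requested range to the 90-day retention period and split it into requests that each stay within the 30-day limit. The helper names (`plan_windows`, `build_request`, `export`) are hypothetical, and response bodies are returned unparsed because this page does not describe the response format.

```python
# Added example: helper names are hypothetical; responses are returned raw.
import base64
import json
import urllib.request
from datetime import datetime, timedelta, timezone

MAX_RANGE = timedelta(days=30)   # maximum query range stated on this page
RETENTION = timedelta(days=90)   # retention period stated on this page
BASE_URL = "https://amplitude.com/api/2/audit-logs/"

def iso(ts):
    """Format an aware datetime like the page's example request (UTC, 'Z')."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def plan_windows(start, end, now):
    """Clamp [start, end] to retained data and split it into <=30-day windows."""
    start = max(start, now - RETENTION)
    end = min(end, now)
    windows = []
    while start < end:
        stop = min(start + MAX_RANGE, end)
        windows.append((start, stop))
        # Assumption: the page does not say whether end_date is inclusive, so
        # adjacent windows share a boundary instant; deduplicate downstream.
        start = stop
    return windows

def build_request(org_id, api_key, secret_key, window, filters=None):
    """Build one POST request; the key pair goes in a Basic auth header."""
    token = base64.b64encode(f"{api_key}:{secret_key}".encode()).decode()
    body = {"start_date": iso(window[0]), "end_date": iso(window[1])}
    if filters:
        body["filters"] = filters
    return urllib.request.Request(
        BASE_URL + str(org_id),
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )

def export(org_id, api_key, secret_key, start, end, filters=None):
    """Yield the raw response body for each window (performs network calls)."""
    now = datetime.now(timezone.utc)
    for window in plan_windows(start, end, now):
        req = build_request(org_id, api_key, secret_key, window, filters)
        with urllib.request.urlopen(req, timeout=30) as resp:
            yield resp.read()
```

Read the key pair from a secrets manager or the environment rather than hard-coding it in the export job.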

## Common use cases

### Integrate with a SIEM

Export audit events to your SIEM to monitor administrative activity and detect anomalous access patterns.

### Support compliance reporting

Collect audit events to support compliance workflows, such as SOC 2, ISO 27001, and HIPAA reporting.

### Investigate security incidents

Review audit events to trace administrative actions and support forensic investigations.

## Common questions

### Get an Organization Secret Key

Contact Amplitude Support and provide your Organization ID. Amplitude Support issues the Organization Secret Key.

### EU endpoint availability

No separate EU endpoint is available. The Audit Logs API uses `https://amplitude.com` for all requests.

## Related resources

- [Manage your API keys and secret keys](/docs/admin/account-management/manage-your-api-keys-and-secret-keys)
- [API authentication](/docs/apis/authentication)
- [Keys and tokens](/docs/apis/keys-and-tokens)

