> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://developer-test.atomicwork.com/llms.txt. > For full documentation content, see https://developer-test.atomicwork.com/llms-full.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://developer-test.atomicwork.com/_mcp/server. # Export audit logs to CSV POST https://{tenant}.atomicwork.com/api/v1/audit-logs/export Content-Type: application/json Triggers an export of audit logs to CSV file. The export is processed asynchronously and an email with download link is sent upon completion. ### Filtering Use the `filters` field to narrow results. Pass an empty array or omit the field to retrieve all records. Each filter object has the following fields: | Field | Type | Description | |---|---|---| | `attribute` | string | The field to filter on (see Supported attributes below) | | `operator` | string | Comparison operator (see Available operators below) | | `values` | array | One or more `{ "value": }` objects | **Supported attributes** | Attribute | Typical operator | Description | |---|---|---| | `event_at` | `IS_BETWEEN` | Event timestamp. Requires exactly **two** values: `[start, end]` (both inclusive). Accepts ISO 8601 (`2024-01-01T00:00:00Z`) or date-only (`2024-01-01` — end date is automatically extended to `T23:59:59Z`). On export, defaults to the last 6 months if omitted. | | `actor_id` | `IS_ANY_OF` | Numeric user ID of the person who performed the action (the `id` field from `GET /api/v1/users`). | | `module` | `IS_ANY_OF` | Module **integer ID** (not the name). See the Module IDs reference table below. | | `event_type` | `IS_ANY_OF` | Event type **integer ID** (not the name). See the Event Type IDs reference table below. Not every event type is valid for every module — unsupported combinations return zero results. | **Available operators** | Operator | Meaning | |---|---| | `EQUALS` | Exact match | | `NOT_EQUALS` | Exclude exact match | | `IN` / `IS_ANY_OF` | Match any value in the list | | `IS_NOT_ANY_OF` | Exclude all listed values | | `IS_BETWEEN` | Inclusive range — pass exactly two values: `[start, end]` | | `IS_ON_OR_BEFORE` / `IS_ON_OR_AFTER` | Date/time boundary comparisons | | `CONTAINS` / `TEXT_CONTAINS` | Substring or set membership | | `IS_NULL` / `IS_NOT_NULL` | Null checks — `values` array can be empty | | `STARTS_WITH` / `ENDS_WITH` | String prefix/suffix match | **Module IDs** (use with `attribute: "module"`) | ID | Module | What it covers | |---|---|---| | `0` | APPS | Third-party app connections (connect / disconnect / update) | | `1` | USERS | User creation and profile updates | | `2` | WORKFLOWS | Automation workflow changes | | `3` | SERVICE_CATALOG | Service catalog items | | `4` | SECURITY | Login, logout, API key creation / deletion | | `5` | SKILL | AI skill changes | | `6` | WORKSPACES | Workspace settings changes | | `7` | TENANT_MIGRATION | Sandbox import / export | | `8` | AGENT_GROUPS | Agent group changes | | `9` | ACCESS_MANAGEMENT | Role and access control changes | | `10` | AI_AGENTS | AI agent changes | | `11` | AGENT_AVAILABILITY | Agent availability updates | | `12` | CUSTOM_OBJECTS | Custom object type changes | **Event Type IDs** (use with `attribute: "event_type"`) | ID | Event Type | |---|---| | `0` | CONNECTED | | `1` | DISCONNECTED | | `2` | CREATED | | `3` | UPDATED | | `4` | ENABLED | | `5` | DISABLED | | `6` | DELETED | | `7` | IMPORT | | `8` | EXPORT | | `9` | RESTORED | | `10` | LOGIN | | `12` | LOGOUT | **Module → valid event types** | Module | Valid event type IDs | |---|---| | APPS (0) | 0 (CONNECTED), 1 (DISCONNECTED), 3 (UPDATED) | | USERS (1) | 2 (CREATED), 3 (UPDATED) | | WORKFLOWS (2) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | SERVICE_CATALOG (3) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | SECURITY (4) | 2 (CREATED), 6 (DELETED), 10 (LOGIN), 12 (LOGOUT) | | SKILL (5) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | WORKSPACES (6) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | TENANT_MIGRATION (7) | 7 (IMPORT), 8 (EXPORT) | | AGENT_GROUPS (8) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | ACCESS_MANAGEMENT (9) | 2 (CREATED), 3 (UPDATED), 6 (DELETED), 9 (RESTORED) | | AI_AGENTS (10) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | AGENT_AVAILABILITY (11) | 3 (UPDATED) | | CUSTOM_OBJECTS (12) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | **Example** ```json [ { "attribute": "event_at", "operator": "IS_BETWEEN", "values": [ { "value": "2024-01-01T00:00:00Z" }, { "value": "2024-12-31T23:59:59Z" } ] }, { "attribute": "module", "operator": "IS_ANY_OF", "values": [ { "value": 1 }, { "value": 9 } ] }, { "attribute": "event_type", "operator": "IS_ANY_OF", "values": [ { "value": 2 }, { "value": 3 } ] }, { "attribute": "actor_id", "operator": "IS_ANY_OF", "values": [ { "value": 123 } ] } ] ``` Reference: https://developer-test.atomicwork.com/atomicwork-public-api/audit-logs/postapi-v-1-audit-logs-export ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: collection version: 1.0.0 paths: /api/v1/audit-logs/export: post: operationId: postapi-v-1-audit-logs-export summary: Export audit logs to CSV description: > Triggers an export of audit logs to CSV file. The export is processed asynchronously and an email with download link is sent upon completion. ### Filtering Use the `filters` field to narrow results. Pass an empty array or omit the field to retrieve all records. Each filter object has the following fields: | Field | Type | Description | |---|---|---| | `attribute` | string | The field to filter on (see Supported attributes below) | | `operator` | string | Comparison operator (see Available operators below) | | `values` | array | One or more `{ "value": }` objects | **Supported attributes** | Attribute | Typical operator | Description | |---|---|---| | `event_at` | `IS_BETWEEN` | Event timestamp. Requires exactly **two** values: `[start, end]` (both inclusive). Accepts ISO 8601 (`2024-01-01T00:00:00Z`) or date-only (`2024-01-01` — end date is automatically extended to `T23:59:59Z`). On export, defaults to the last 6 months if omitted. | | `actor_id` | `IS_ANY_OF` | Numeric user ID of the person who performed the action (the `id` field from `GET /api/v1/users`). | | `module` | `IS_ANY_OF` | Module **integer ID** (not the name). See the Module IDs reference table below. | | `event_type` | `IS_ANY_OF` | Event type **integer ID** (not the name). See the Event Type IDs reference table below. Not every event type is valid for every module — unsupported combinations return zero results. | **Available operators** | Operator | Meaning | |---|---| | `EQUALS` | Exact match | | `NOT_EQUALS` | Exclude exact match | | `IN` / `IS_ANY_OF` | Match any value in the list | | `IS_NOT_ANY_OF` | Exclude all listed values | | `IS_BETWEEN` | Inclusive range — pass exactly two values: `[start, end]` | | `IS_ON_OR_BEFORE` / `IS_ON_OR_AFTER` | Date/time boundary comparisons | | `CONTAINS` / `TEXT_CONTAINS` | Substring or set membership | | `IS_NULL` / `IS_NOT_NULL` | Null checks — `values` array can be empty | | `STARTS_WITH` / `ENDS_WITH` | String prefix/suffix match | **Module IDs** (use with `attribute: "module"`) | ID | Module | What it covers | |---|---|---| | `0` | APPS | Third-party app connections (connect / disconnect / update) | | `1` | USERS | User creation and profile updates | | `2` | WORKFLOWS | Automation workflow changes | | `3` | SERVICE_CATALOG | Service catalog items | | `4` | SECURITY | Login, logout, API key creation / deletion | | `5` | SKILL | AI skill changes | | `6` | WORKSPACES | Workspace settings changes | | `7` | TENANT_MIGRATION | Sandbox import / export | | `8` | AGENT_GROUPS | Agent group changes | | `9` | ACCESS_MANAGEMENT | Role and access control changes | | `10` | AI_AGENTS | AI agent changes | | `11` | AGENT_AVAILABILITY | Agent availability updates | | `12` | CUSTOM_OBJECTS | Custom object type changes | **Event Type IDs** (use with `attribute: "event_type"`) | ID | Event Type | |---|---| | `0` | CONNECTED | | `1` | DISCONNECTED | | `2` | CREATED | | `3` | UPDATED | | `4` | ENABLED | | `5` | DISABLED | | `6` | DELETED | | `7` | IMPORT | | `8` | EXPORT | | `9` | RESTORED | | `10` | LOGIN | | `12` | LOGOUT | **Module → valid event types** | Module | Valid event type IDs | |---|---| | APPS (0) | 0 (CONNECTED), 1 (DISCONNECTED), 3 (UPDATED) | | USERS (1) | 2 (CREATED), 3 (UPDATED) | | WORKFLOWS (2) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | SERVICE_CATALOG (3) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | SECURITY (4) | 2 (CREATED), 6 (DELETED), 10 (LOGIN), 12 (LOGOUT) | | SKILL (5) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | WORKSPACES (6) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | TENANT_MIGRATION (7) | 7 (IMPORT), 8 (EXPORT) | | AGENT_GROUPS (8) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | ACCESS_MANAGEMENT (9) | 2 (CREATED), 3 (UPDATED), 6 (DELETED), 9 (RESTORED) | | AI_AGENTS (10) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | | AGENT_AVAILABILITY (11) | 3 (UPDATED) | | CUSTOM_OBJECTS (12) | 2 (CREATED), 3 (UPDATED), 6 (DELETED) | **Example** ```json [ { "attribute": "event_at", "operator": "IS_BETWEEN", "values": [ { "value": "2024-01-01T00:00:00Z" }, { "value": "2024-12-31T23:59:59Z" } ] }, { "attribute": "module", "operator": "IS_ANY_OF", "values": [ { "value": 1 }, { "value": 9 } ] }, { "attribute": "event_type", "operator": "IS_ANY_OF", "values": [ { "value": 2 }, { "value": 3 } ] }, { "attribute": "actor_id", "operator": "IS_ANY_OF", "values": [ { "value": 123 } ] } ] ``` tags: - subpackage_auditLogs parameters: - name: X-Api-Key in: header required: true schema: type: string - name: X-Workspace-Id in: header required: false schema: type: string responses: '200': description: Successful response content: application/json: schema: $ref: >- #/components/schemas/Audit Logs_postapi_v1_audit_logs_export_Response_200 requestBody: content: application/json: schema: type: object properties: search_key: type: string description: >- Text search across log text, actor name, email, source IP, and event data filters: type: array items: $ref: >- #/components/schemas/ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItems description: > Structured filters (same shape as /audit-logs/list). Supported attributes - actor_id, module, event_type, event_at. If event_at is not supplied, defaults to the last 6 months. cc_emails: type: array items: type: string description: CC email addresses for the export notification servers: - url: https://{tenant}.atomicwork.com components: schemas: ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsOperator: type: string enum: - LIKE - EQUALS - IN - NOT_EQUALS - IS_BETWEEN - IS_ANY_OF - IS_NOT_ANY_OF title: >- ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsOperator ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsValuesItemsValue: type: object properties: {} title: >- ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsValuesItemsValue ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsValuesItems: type: object properties: value: $ref: >- #/components/schemas/ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsValuesItemsValue nested_filter: description: Any type title: >- ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsValuesItems ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItems: type: object properties: attribute: type: string operator: $ref: >- #/components/schemas/ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsOperator values: type: array items: $ref: >- #/components/schemas/ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItemsValuesItems title: >- ApiV1AuditLogsExportPostRequestBodyContentApplicationJsonSchemaFiltersItems Audit Logs_postapi_v1_audit_logs_export_Response_200: type: object properties: {} description: Empty response body title: Audit Logs_postapi_v1_audit_logs_export_Response_200 securitySchemes: ApiKeyAuth: type: apiKey in: header name: X-Api-Key ``` ## SDK Code Examples ```python import requests url = "https://{tenant}.atomicwork.com/api/v1/audit-logs/export" payload = { "0": { "attribute": "event_at", "operator": "IS_BETWEEN", "values": [{ "value": "2024-01-01T00:00:00Z" }, { "value": "2024-12-31T23:59:59Z" }] }, "1": { "attribute": "module", "operator": "IS_ANY_OF", "values": [{ "value": 1 }, { "value": 9 }] }, "2": { "attribute": "event_type", "operator": "IS_ANY_OF", "values": [{ "value": 2 }, { "value": 3 }] }, "3": { "attribute": "actor_id", "operator": "IS_ANY_OF", "values": [{ "value": 123 }] } } headers = { "X-Workspace-Id": "{{workspace_id}}", "X-Api-Key": "", "Content-Type": "application/json" } response = requests.post(url, json=payload, headers=headers) print(response.json()) ``` ```javascript const url = 'https://{tenant}.atomicwork.com/api/v1/audit-logs/export'; const options = { method: 'POST', headers: { 'X-Workspace-Id': '{{workspace_id}}', 'X-Api-Key': '', 'Content-Type': 'application/json' }, body: '{"0":{"attribute":"event_at","operator":"IS_BETWEEN","values":[{"value":"2024-01-01T00:00:00Z"},{"value":"2024-12-31T23:59:59Z"}]},"1":{"attribute":"module","operator":"IS_ANY_OF","values":[{"value":1},{"value":9}]},"2":{"attribute":"event_type","operator":"IS_ANY_OF","values":[{"value":2},{"value":3}]},"3":{"attribute":"actor_id","operator":"IS_ANY_OF","values":[{"value":123}]}}' }; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://{tenant}.atomicwork.com/api/v1/audit-logs/export" payload := strings.NewReader("{\n \"0\": {\n \"attribute\": \"event_at\",\n \"operator\": \"IS_BETWEEN\",\n \"values\": [\n {\n \"value\": \"2024-01-01T00:00:00Z\"\n },\n {\n \"value\": \"2024-12-31T23:59:59Z\"\n }\n ]\n },\n \"1\": {\n \"attribute\": \"module\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 1\n },\n {\n \"value\": 9\n }\n ]\n },\n \"2\": {\n \"attribute\": \"event_type\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 2\n },\n {\n \"value\": 3\n }\n ]\n },\n \"3\": {\n \"attribute\": \"actor_id\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 123\n }\n ]\n }\n}") req, _ := http.NewRequest("POST", url, payload) req.Header.Add("X-Workspace-Id", "{{workspace_id}}") req.Header.Add("X-Api-Key", "") req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://{tenant}.atomicwork.com/api/v1/audit-logs/export") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Post.new(url) request["X-Workspace-Id"] = '{{workspace_id}}' request["X-Api-Key"] = '' request["Content-Type"] = 'application/json' request.body = "{\n \"0\": {\n \"attribute\": \"event_at\",\n \"operator\": \"IS_BETWEEN\",\n \"values\": [\n {\n \"value\": \"2024-01-01T00:00:00Z\"\n },\n {\n \"value\": \"2024-12-31T23:59:59Z\"\n }\n ]\n },\n \"1\": {\n \"attribute\": \"module\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 1\n },\n {\n \"value\": 9\n }\n ]\n },\n \"2\": {\n \"attribute\": \"event_type\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 2\n },\n {\n \"value\": 3\n }\n ]\n },\n \"3\": {\n \"attribute\": \"actor_id\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 123\n }\n ]\n }\n}" response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.post("https://{tenant}.atomicwork.com/api/v1/audit-logs/export") .header("X-Workspace-Id", "{{workspace_id}}") .header("X-Api-Key", "") .header("Content-Type", "application/json") .body("{\n \"0\": {\n \"attribute\": \"event_at\",\n \"operator\": \"IS_BETWEEN\",\n \"values\": [\n {\n \"value\": \"2024-01-01T00:00:00Z\"\n },\n {\n \"value\": \"2024-12-31T23:59:59Z\"\n }\n ]\n },\n \"1\": {\n \"attribute\": \"module\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 1\n },\n {\n \"value\": 9\n }\n ]\n },\n \"2\": {\n \"attribute\": \"event_type\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 2\n },\n {\n \"value\": 3\n }\n ]\n },\n \"3\": {\n \"attribute\": \"actor_id\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 123\n }\n ]\n }\n}") .asString(); ``` ```php request('POST', 'https://{tenant}.atomicwork.com/api/v1/audit-logs/export', [ 'body' => '{ "0": { "attribute": "event_at", "operator": "IS_BETWEEN", "values": [ { "value": "2024-01-01T00:00:00Z" }, { "value": "2024-12-31T23:59:59Z" } ] }, "1": { "attribute": "module", "operator": "IS_ANY_OF", "values": [ { "value": 1 }, { "value": 9 } ] }, "2": { "attribute": "event_type", "operator": "IS_ANY_OF", "values": [ { "value": 2 }, { "value": 3 } ] }, "3": { "attribute": "actor_id", "operator": "IS_ANY_OF", "values": [ { "value": 123 } ] } }', 'headers' => [ 'Content-Type' => 'application/json', 'X-Api-Key' => '', 'X-Workspace-Id' => '{{workspace_id}}', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://{tenant}.atomicwork.com/api/v1/audit-logs/export"); var request = new RestRequest(Method.POST); request.AddHeader("X-Workspace-Id", "{{workspace_id}}"); request.AddHeader("X-Api-Key", ""); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{\n \"0\": {\n \"attribute\": \"event_at\",\n \"operator\": \"IS_BETWEEN\",\n \"values\": [\n {\n \"value\": \"2024-01-01T00:00:00Z\"\n },\n {\n \"value\": \"2024-12-31T23:59:59Z\"\n }\n ]\n },\n \"1\": {\n \"attribute\": \"module\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 1\n },\n {\n \"value\": 9\n }\n ]\n },\n \"2\": {\n \"attribute\": \"event_type\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 2\n },\n {\n \"value\": 3\n }\n ]\n },\n \"3\": {\n \"attribute\": \"actor_id\",\n \"operator\": \"IS_ANY_OF\",\n \"values\": [\n {\n \"value\": 123\n }\n ]\n }\n}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = [ "X-Workspace-Id": "{{workspace_id}}", "X-Api-Key": "", "Content-Type": "application/json" ] let parameters = [ "0": [ "attribute": "event_at", "operator": "IS_BETWEEN", "values": [["value": "2024-01-01T00:00:00Z"], ["value": "2024-12-31T23:59:59Z"]] ], "1": [ "attribute": "module", "operator": "IS_ANY_OF", "values": [["value": 1], ["value": 9]] ], "2": [ "attribute": "event_type", "operator": "IS_ANY_OF", "values": [["value": 2], ["value": 3]] ], "3": [ "attribute": "actor_id", "operator": "IS_ANY_OF", "values": [["value": 123]] ] ] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://{tenant}.atomicwork.com/api/v1/audit-logs/export")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```