DocumentationBlogSupport
Log inSign up
Log inSign up
BlogSupport
Build
Getting StartedPlatform Introduction
Embedded Apps
OverviewDeveloper GuideSidebar API Quick StartSubmission Checklist for Embedded Apps
Design Guidelines
MessagingMeetingsDevicesSidebar
API Reference
BotsButtons and CardsIntegrationsService AppsLogin with WebexGuest IssuerWidgetsWebex ConnectInstant ConnectDeveloper SandboxSubmit Your AppSupport PolicyFAQs
APIs
API Behavior ChangesPartners API GuideXML API DeprecationAccess the APIREST API BasicsComplianceWebhooksWebex APIs
Admin
OverviewAdmin APIsAuthentication
Guides
Hybrid ServicesWebhooksReal-time File DLP BasicsUsing Webex Service AppsProvisioning APIsAudit Events Error Reference
Reference
Admin Audit EventsAuthorizationsEventsGroupsHistorical AnalyticsHybrid ClustersHybrid ConnectorsLicensesMeeting QualitiesOrganization ContactsOrganizationsPartner ManagementPartner TagsPeopleRecording ReportRecordingsReport TemplatesReportsResource Group MembershipsResource GroupsRolesSecurity Audit Events
GETList Security Audit Events
Session TypesSpace ClassificationsTracking CodesWorkspace LocationsWorkspace Metrics
Webex Calling Beta
Overview
Guides
Integrations and Authorization
Webex Calling
OverviewSDKs and ToolsWhat's New
Guides
Integrations and AuthorizationProvisioning APIsWebex for Wholesale
Reference
Call ControlsCall RoutingCalling Service SettingsDECT Devices SettingsDevice Call SettingsDevicesFeatures: Announcement RepositoryFeatures: Auto AttendantFeatures: Call ParkFeatures: Call PickupFeatures: Call QueueFeatures: Call RecordingFeatures: Hunt GroupFeatures: Paging GroupLocation Call SettingsLocation Call Settings: Call HandlingLocation Call Settings: SchedulesLocation Call Settings: VoicemailLocationsNumbersPeopleRecording ReportReportsReports: Detailed Call HistoryUser Call SettingsVirtual Line Call SettingsWholesale Billing ReportsWholesale ProvisioningWorkspace Call SettingsWorkspaces
Webex for Broadworks
Overview
Guides
Integrations and AuthorizationWholesale and Broadworks Common GuideDeveloper's Guide
Reference
BroadWorks Billing ReportsBroadWorks EnterprisesBroadWorks SubscribersBroadWorks Workspaces
Webex for UCM
Guides
Integrations and Authorization
Reference
UCM Profile
Contact Center
Overview
Customer Journey Data
Overview
Guides
Getting StartedFAQ
Devices
Overview
Guides
Devices
Reference
Device Call SettingsDevice ConfigurationsDevicesWorkspace LocationsWorkspace MetricsWorkspace PersonalizationWorkspacesxAPI
Meetings
Overview
Guides
Integrations and AuthorizationWebhooksUsing Webex Service AppsWebinar GuideMeeting Resource Guide
Reference
Meeting ChatsMeeting Closed CaptionsMeeting InviteesMeeting MessagesMeeting ParticipantsMeeting PollsMeeting PreferencesMeeting Q and AMeeting QualitiesMeeting TranscriptsMeetingsMeetings Summary ReportPeopleRecording ReportRecordingsSession TypesTracking CodesVideo MeshWebhooks
Messaging
Overview
Guides
BotsIntegrations and AuthorizationWebhooksUsing Webex Service AppsButtons and Cards
Reference
Attachment ActionsEventsMembershipsMessagesPeopleRoom TabsRoomsTeam MembershipsTeamsTracking CodesWebhooks
Webex Assistant Skills
Overview
Guides
Skills SDK GuideSkills Developer PortalSkills Reference GuideSkills UX Guide
FedRAMP
Overview
Guides
Create a BotCreate an IntegrationNotes on API Support
Workspace Integrations
OverviewTechnical DetailsControl Hub Features
Webex Status API
Full API Reference
Admin Audit EventsAttachment ActionsAuthorizationsBroadWorks Billing ReportsBroadWorks EnterprisesBroadWorks SubscribersBroadWorks WorkspacesCall ControlsCall RoutingCalling Service SettingsDECT Devices SettingsDevice Call SettingsDevice ConfigurationsDevicesEventsFeatures: Announcement RepositoryFeatures: Auto AttendantFeatures: Call ParkFeatures: Call PickupFeatures: Call QueueFeatures: Call RecordingFeatures: Hunt GroupFeatures: Paging GroupGroupsHistorical AnalyticsHybrid ClustersHybrid ConnectorsLicensesLocation Call SettingsLocation Call Settings: Call HandlingLocation Call Settings: SchedulesLocation Call Settings: VoicemailLocationsMeeting ChatsMeeting Closed CaptionsMeeting InviteesMeeting MessagesMeeting ParticipantsMeeting PollsMeeting PreferencesMeeting Q and AMeeting QualitiesMeeting TranscriptsMeetingsMeetings Summary ReportMembershipsMessagesNumbersOrganization ContactsOrganizationsPartner ManagementPartner TagsPeopleRecording ReportRecordingsReport TemplatesReportsReports: Detailed Call HistoryResource Group MembershipsResource GroupsRolesRoom TabsRoomsSecurity Audit Events
GETList Security Audit Events
Session TypesSiteSpace ClassificationsTeam MembershipsTeamsTracking CodesUCM ProfileUser Call SettingsVideo MeshVirtual Line Call SettingsWebhooksWholesale Billing ReportsWholesale ProvisioningWorkspace Call SettingsWorkspace LocationsWorkspace MetricsWorkspace PersonalizationWorkspacesxAPI
API Changelog
SDKs
iOSAndroidBrowserNode.jsJava
Developer CommunityCertifications

List Security Audit Events

List Security Audit Events. This API currently returns user sign-in and sign-out data. To call this API the audit:events_read scope must be selected for the Integration or Service App and auhtorized by a Full Admin.

Several query parameters are available to filter the response.

Long result sets will be split into multiple pages

NOTE: A maximum of one year of audit events can be returned per request.

GET/v1/admin/securityAudit/events
Query Parameters
orgId
stringrequired

List events in this organization, by ID.

startTime
required

List events which occurred after a specific date and time.

endTime
required

List events which occurred before a specific date and time.

actorId
string

List events performed by this person, by ID.

max
number

Limit the maximum number of events in the response. The maximum value is 1000.

Default: 100
eventCategories
list

List events, by event categories.

Response Properties
items
array[Security Audit Event]

array of monitoring Audit events

data
object
actorOrgName
string

The display name of the organization.

eventDescription
string

A description for the event.

actorName
string

The name of the person who performed the action.

actorEmail
string

The email of the person who performed the action.

actorUserAgent
string

The browser user agent of the person who performed the action.

trackingId
string

A tracking identifier for the event.

eventCategory
string

The category of resource changed by the event.

actorIp
string

The IP address of the person who performed the action.

actionText
string

A more detailed description of the change made by the person.

created
string

The date and time the event took place.

actorOrgId
string

The orgId of the person who made the change.

id
string

A unique identifier for the event.

actorId
string

The personId of the person who made the change.

Response Codes

The list below describes the common success and error responses you should expect from the API.

CodeStatusDescription
200OKSuccessful request with body content.
201CreatedThe request has succeeded and has led to the creation of a resource.
202AcceptedThe request has been accepted for processing.
204No ContentSuccessful request without body content.
400Bad RequestThe request was invalid or cannot be otherwise served. An accompanying error message will explain further.
401UnauthorizedAuthentication credentials were missing or incorrect.
403ForbiddenThe request is understood, but it has been refused or access is not allowed.
404Not FoundThe URI requested is invalid or the resource requested, such as a user, does not exist. Also returned when the requested format is not supported by the requested method.
405Method Not AllowedThe request was made to a resource using an HTTP request method that is not supported.
409ConflictThe request could not be processed because it conflicts with some established rule of the system. For example, a person may not be added to a room more than once.
410GoneThe requested resource is no longer available.
415Unsupported Media TypeThe request was made to a resource without specifying a media type or used a media type that is not supported.
423LockedThe requested resource is temporarily unavailable. A Retry-After header may be present that specifies how many seconds you need to wait before attempting the request again.
428Precondition RequiredFile(s) cannot be scanned for malware and need to be force downloaded.
429Too Many RequestsToo many requests have been sent in a given amount of time and the request has been rate limited. A Retry-After header should be present that specifies how many seconds you need to wait before a successful request can be made.
500Internal Server ErrorSomething went wrong on the server. If the issue persists, feel free to contact the Webex Developer Support team.
502Bad GatewayThe server received an invalid response from an upstream server while processing the request. Try again later.
503Service UnavailableServer is overloaded with requests. Try again later.
504Gateway TimeoutAn upstream server failed to respond on time. If your query uses max parameter, please try to reduce it.
  • Try it
  • Example
GET
/v1/admin/securityAudit/events{?orgId,startTime,endTime,actorId,max,eventCategories}
Log in to try the API.
Header
Query Parameters
  • List events in this organization, by ID.
  • List events which occurred after a specific date and time.
  • List events which occurred before a specific date and time.
  • List events performed by this person, by ID.
  • Limit the maximum number of events in the response. The maximum value is `1000`.
  • List events, by event categories.
  • Request
  • Response
https://webexapis.com/v1/admin/securityAudit/events?orgId=Y2lzY29zcGFyazovL3VzL09SR0FOSVpBVElPTi85NmFiYzJhYS0zZGNjLTExZTUtYTE1Mi1mZTM0ODE5Y2RjOWE&startTime=2018-01-01T13:12:11.789Z&endTime=2018-01-01T14:12:11.789Z&actorId=Y2lzY29zcGFyazovL3VzL1BFT1BMRS9iYzQ1YTdiMC00OTg1LTQzYzktYjI1OS00Y2MzOTgzYzY4NjQ&max=100&eventCategories=LOGINS
200 / OK
{
  "items": [
    {
      "data": {
        "actorOrgName": "Acme Inc.",
        "eventDescription": "An Admin logged in",
        "actorName": "Joe Smith",
        "actorEmail": "joe@example.com",
        "actorUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
        "trackingId": "ATLAS_6f23a878-bcd4-c204-a4db-e701b42b0e5c_0",
        "eventCategory": "LOGINS",
        "actorIp": "128.107.241.191",
        "actionText": "Joe Smith logged into organization Acme Inc."
      },
      "created": "2019-01-02T16:58:36.845Z",
      "actorOrgId": "Y2lzY29zcGFyazovL3VzL09SR0FOSVpBVElPTi85NmFiYzJhYS0zZGNjLTExZTUtYTE1Mi1mZTM0ODE5Y2RjOWE",
      "id": "MjQ0ODhiZTYtY2FiMS00ZGRkLTk0NWQtZDFlYjkzOGQ4NGUy",
      "actorId": "Y2lzY29zcGFyazovL3VzL1BFT1BMRS82ZWVmOGE4ZS1lNzg3LTQzMWUtOWM3ZC1hOGVjZmU1MjM5Nzc"
    }
  ]
}

Connect

Support

Developer Community

Developer Events

Contact Sales

Handy Links

Webex Ambassadors

Webex App Hub

Resources

Open Source Bot Starter Kits

Download Webex

DevNet Learning Labs

Terms of Service

Privacy Policy

Cookie Policy

Trademarks

© 2023 Cisco and/or its affiliates. All rights reserved.