Auth0 API

Logs

logs

Methods

Search Log Events -> LogsPageNumberPage<{ audience, client_id, client_name, 17 more... }>
get/logs

Retrieve log entries that match the specified search criteria (or all log entries if no criteria specified).

Set custom search criteria using the q parameter, or search from a specific log ID ("search from checkpoint").

For more information on all possible event types, their respective acronyms, and descriptions, see Log Event Type Codes.

To set custom search criteria, use the following parameters:
  • q: Search Criteria using Query String Syntax
  • page: Page index of the results to return. First page is 0.
  • per_page: Number of results per page.
  • sort: Field to use for sorting appended with `:1` for ascending and `:-1` for descending. e.g. `date:-1`
  • fields: Comma-separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields.
  • include_fields: Whether specified fields are to be included (true) or excluded (false).
  • include_totals: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). Deprecated: this field is deprecated and should be removed from use. See Search Engine V3 Breaking Changes

For more information on the list of fields that can be used in fields and sort, see Searchable Fields.

Auth0 limits the number of logs you can return by search criteria to 100 logs per request. Furthermore, you may paginate only through 1,000 search results. If you exceed this threshold, please redefine your search or use the get logs by checkpoint method.

To search from a checkpoint log ID, use the following parameters:
  • from: Log Event ID from which to start retrieving logs. You can limit the number of logs returned using the take parameter. If you use from at the same time as q, from takes precedence and q is ignored.
  • take: Number of entries to retrieve when using the from parameter.

Important: When fetching logs from a checkpoint log ID, any parameter other than from and take will be ignored, and date ordering is not guaranteed.

Get A Log Event By ID -> { audience, client_id, client_name, 17 more... }
get/logs/{id}

Retrieve an individual log event.

Security

Example: Authorization: Bearer My Bearer Token

Parameters
id: string
Response fields
audience: string
Optional

API audience the event applies to.

client_id: string
Optional

ID of the client (application).

client_name: string
Optional

Name of the client (application).

connection: string
Optional

Name of the connection the event relates to.

connection_id: string
Optional

ID of the connection the event relates to.

date: string | Record<string, unknown>
Optional

Date when the event occurred in ISO 8601 format.

description: string
Optional

Description of this event.

details: Record<string, unknown>
Optional

Additional useful details about this event (structure is dependent upon event type).

hostname: string
Optional

Hostname the event applies to.

ip: string
Optional

IP address of the log event source.

isMobile: boolean
Optional

Whether the client was a mobile device (true) or desktop/laptop/server (false).

location_info: { city_name, continent_code, country_code, 5 more... }
Optional

Information about the location that triggered this event based on the ip.

log_id: string
Optional

Unique ID of the event.

scope: string
Optional

Scope permissions applied to the event.

strategy: string
Optional

Name of the strategy involved in the event.

strategy_type: string
Optional

Type of strategy involved in the event.

type: string
Optional

Type of event.

user_agent: string
Optional

User agent string from the client device that caused the event.

user_id: string
Optional

ID of the user involved in the event.

user_name: string
Optional

Name of the user involved in the event.

Request example
200Example