» Audit Trails API

The audit trails API exposes a stream of audit events, which describe changes to the application entities (workspaces, runs, etc.) that belong to a Terraform Cloud organization.

» List an organization's audit events

GET /organization/audit-trail

» Query Parameters

These are standard URL query parameters; remember to percent-encode [ as %5B and ] as %5D if your tooling doesn't automatically encode URLs.

Parameter Description
since Optional. Returns only audit trails created after this date (UTC and in ISO8601 Format - YYYY-MM-DDTHH:MM:SS.SSSZ)
page[number] Optional. If omitted, the endpoint will return the first page.
page[size] Optional. If omitted, the endpoint will return 1000 audit events per page.

» Sample Request

$ curl \
  --header "Authorization: Bearer $TOKEN" \
  --request GET \

» Sample Response

  "data": [
      "id": "ae66e491-db59-457c-8445-9c908ee726ae",
      "version": "0",
      "type": "Resource",
      "timestamp": "2020-06-30T17:52:46.000Z",
      "auth": {
        "accessor_id": "user-MaPuLxAXvtq2PWTH",
        "description": "pveverka",
        "type": "Client",
        "impersonator_id": null,
        "organization_id": "org-AGLwRmx1snv34Yts"
      "request": {
        "id": "4df584d4-7e2a-01e6-6cc0-4adbefa020e6"
      "resource": {
        "id": "at-sjt83qTw3GZatuPm",
        "type": "authentication_token",
        "action": "create",
        "meta": null
  "pagination": {
    "current_page": 1,
    "prev_page": null,
    "next_page": 2,
    "total_pages": 8,
    "total_count": 778

» Response Schema

Each JSON object in the response data array will include the following details, if available:

Key Description
id The ID of this audit trail (UUID format)
version The audit trail schema version
type The type of audit trail (defaults to Resource)
timestamp UTC ISO8601 DateTime (e.g. 2020-06-16T20:26:58.000Z)
auth.accessor_id The ID of audited actor (e.g. user-V3R563qtJNcExAkN)
auth.description Username of audited actor
auth.type Authentication Type (one of Client, Impersonated or System)
auth.impersonator_id The ID of impersonating actor (if available)
auth.organization_id The ID of organization (e.g. org-QpXoEnULx3r2r1CA)
request.id The ID for request (if available) (UUID format)
resource.id The ID of resource (e.g. run-FwnENkvDnrpyFC7M)
resource.type Type of resource (e.g. run)
resource.action Action audited (e.g. applied)
resource.meta Key-value metadata about this audited event