» Audit Trails API

The audit trails API exposes a stream of audit events, which describe changes to the application entities (workspaces, runs, etc.) that belong to a Terraform Cloud organization.

» List Audit Trails

GET /organization/audit-trail

» Query Parameters

Parameter Description
since Optional. Returns only audit trails created after this date (UTC and in ISO8601 Format - YYYY-MM-DDTHH:MM:SS.SSSZ)
page Optional. If omitted, the endpoint will return the first page.

» Sample Request

$ curl \
  --header "Authorization: Bearer $TOKEN" \
  --request GET \

» Sample Response

  "data": [
      "id": "ae66e491-db59-457c-8445-9c908ee726ae",
      "version": "0",
      "type": "Resource",
      "timestamp": "2020-06-30T17:52:46.000Z",
      "auth": {
        "accessor_id": "user-MaPuLxAXvtq2PWTH",
        "description": "pveverka",
        "type": "Client",
        "impersonator_id": null,
        "organization_id": "org-AGLwRmx1snv34Yts"
      "request": {
        "id": "4df584d4-7e2a-01e6-6cc0-4adbefa020e6"
      "resource": {
        "id": "at-sjt83qTw3GZatuPm",
        "type": "authentication_token",
        "action": "create",
        "meta": null
  "pagination": {
    "current_page": 1,
    "prev_page": null,
    "next_page": 2,
    "total_pages": 8,
    "total_count": 778

» Response Schema

Each JSON object in the response data array will include the following details, if available:

Key Description
id ID of this audit trail (UUID format)
version version of HashiCorp Audit Trail schema
type type of Audit Trail (defaults to Resource)
timestamp UTC ISO8901 DateTime (e.g. 2020-06-16T20:26:58.000Z)
auth.accessor_id ID of audited actor (e.g. user-V3R563qtJNcExAkN)
auth.description Username of audited actor
auth.type Authentication Type (one of Client, Impersonated or System)
auth.impersonator_id ID of impersonating actor (if available)
auth.organization_id ID of organization (e.g. org-QpXoEnULx3r2r1CA)
request.id ID for request (if available) (UUID format)
resource.id ID of resource (e.g. run-FwnENkvDnrpyFC7M)
resource.type Type of resource (e.g. run)
resource.action Action audited (e.g. applied)
resource.meta Key-value metadata about this audited event