> ## Documentation Index
> Fetch the complete documentation index at: https://arize-ax.mintlify.site/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# List audit logs

> Retrieve a paginated list of authenticated user audit log entries for the
account. Results are ordered newest first.

**Access requirements:**
- The caller must be an account admin.
- The account must have audit logging enabled.

Returns `403` if either condition is not met.

<Warning>This endpoint is in alpha, read more [here](https://arize.com/docs/ax/rest-reference#api-version-stages).</Warning>




## OpenAPI

````yaml https://api.arize.com/v2/spec.yaml get /v2/audit-logs
openapi: 3.0.3
info:
  title: Arize REST API
  version: 2.0.0
  description: |
    API specification for the backend data server. The API is hosted globally
    at https://api.arize.com/v2 or in your own environment.
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
servers:
  - description: Global
    url: https://api.arize.com
  - description: Regional
    url: https://api.{region}.arize.com
    variables:
      region:
        default: eu-west-1a
        enum:
          - eu-west-1a
          - ca-central-1a
  - description: Custom Host
    url: https://{host}
    variables:
      host:
        default: api.arize.com
security:
  - bearerAuth: []
tags:
  - name: AI Integrations
    description: |
      AI integrations configure access to external LLM providers (e.g. OpenAI,
      Azure OpenAI, AWS Bedrock, Vertex AI). Integrations can be scoped to the
      entire account, a specific organization, or a specific space.
  - name: Annotation Configs
    description: >
      Annotation configs allow you to define consistent annotation schemas that

      can be reused across your workspace, ensuring evaluations are structured
      and

      comparable over time.
  - name: Annotation Queues
    description: >
      Annotation queues help you organize and manage human evaluation workflows.

      Use queues to assign spans or examples to annotators for review and
      labeling.
  - name: API Keys
    description: >
      API keys are used to authenticate requests to the Arize API. List your
      keys

      to view metadata; the raw secret is never returned after creation.
  - name: Datasets
    description: |
      Datasets are structured, version-controlled example collections you use to
      run, evaluate, and track LLM experiments.
  - name: Evaluators
    description: >
      Evaluators are reusable evaluation configurations used to assess the
      quality

      of LLM outputs. They can be template-based (using LLM judges) or
      code-based.
  - name: Experiments
    description: >
      Experiments let you systematically test prompt/model changes using
      datasets,

      tasks, and evaluators.
  - name: Integrations
    description: >
      Integrations configure access to external LLM providers (e.g. OpenAI,

      Azure OpenAI, AWS Bedrock, Vertex AI), notifications services (e.g.
      PagerDuty, Slack), and

      your own agents. Integrations can be scoped to the entire account, a
      specific

      organization, or a specific space.
  - name: Organizations
    description: >
      Organizations are top-level containers within an Arize AX account for
      grouping spaces.
  - name: Projects
    description: |
      Projects represent LLM applications being monitored in Arize where you can
      observe traces and spans.
  - name: Prompts
    description: >
      Prompts are reusable, versioned templates for LLM interactions. Use
      prompts

      to standardize and manage how you interact with LLMs across your
      application.
  - name: Resource Restrictions
    description: |
      Endpoints for restricting and unrestricting resources (projects, models).
  - name: Role Bindings
    description: |
      Role bindings assign a role to a user on a resource. REST currently
      supports space- and project-scoped bindings.
  - name: Roles
    description: >
      Roles define sets of permissions that can be assigned to users within an

      account. Create custom roles to tailor access control to your team's
      needs.
  - name: Spaces
    description: >
      Spaces are containers within an organization for grouping related
      projects,

      datasets, and experiments, enabling collaboration or isolated
      experimentation

      with role-based access control.
  - name: Spans
    description: |
      Spans represent individual operations within a trace. A span captures the
      timing, status, and attributes of a single operation in your application.
  - name: Tasks
    description: |
      Tasks are configurable units of work that tie one or more evaluators to a
      data source (project or dataset). Use tasks to automate evaluation of LLM
      outputs, with support for continuous evaluation and backfill runs.
  - name: Users
    description: >
      Users represent members of an account. The Users endpoints allow creating,

      listing, updating (display name), and removing users from the account
      programmatically.
paths:
  /v2/audit-logs:
    get:
      tags:
        - Audit Logs
      summary: List audit logs
      description: >
        Retrieve a paginated list of authenticated user audit log entries for
        the

        account. Results are ordered newest first.


        **Access requirements:**

        - The caller must be an account admin.

        - The account must have audit logging enabled.


        Returns `403` if either condition is not met.


        <Warning>This endpoint is in alpha, read more
        [here](https://arize.com/docs/ax/rest-reference#api-version-stages).</Warning>
      operationId: audit_logs_list
      parameters:
        - $ref: '#/components/parameters/StartTimeQueryParam'
        - $ref: '#/components/parameters/EndTimeQueryParam'
        - $ref: '#/components/parameters/UserIdQueryParam'
        - $ref: '#/components/parameters/OperationTypeQueryParam'
        - $ref: '#/components/parameters/LimitQueryParamMax100'
        - $ref: '#/components/parameters/CursorQueryParam'
      responses:
        '200':
          $ref: '#/components/responses/AuditLogList'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '429':
          $ref: '#/components/responses/RateLimitExceeded'
components:
  parameters:
    StartTimeQueryParam:
      name: start_time
      in: query
      required: false
      description: |
        Inclusive lower bound on `created_at` (ISO 8601 datetime).
        Defaults to 30 days before `end_time` when omitted.
      schema:
        type: string
        format: date-time
      example: '2026-04-18T00:00:00Z'
    EndTimeQueryParam:
      name: end_time
      in: query
      required: false
      description: |
        Inclusive upper bound on `created_at` (ISO 8601 datetime).
        Defaults to the current time when omitted.
      schema:
        type: string
        format: date-time
      example: '2026-05-18T23:59:59Z'
    UserIdQueryParam:
      name: user_id
      in: query
      required: false
      description: >
        Filter results by user (base64 global user ID). When provided, only
        records

        associated with this user are returned. Access requirements vary by
        endpoint —

        some endpoints restrict this filter to account admins.
      schema:
        $ref: '#/components/schemas/Id'
      example: VXNlcjoxMjM0NQ==
    OperationTypeQueryParam:
      name: operation_type
      in: query
      required: false
      description: Filter results to a specific operation type.
      schema:
        $ref: '#/components/schemas/AuditLogOperationType'
      example: MUTATION
    LimitQueryParamMax100:
      name: limit
      in: query
      description: Maximum items to return
      schema:
        type: integer
        minimum: 1
        maximum: 100
        default: 50
    CursorQueryParam:
      name: cursor
      in: query
      description: |
        Opaque pagination cursor returned from a previous response
        (`pagination.next_cursor`). Treat it as an unreadable token; do not
        attempt to parse or construct it.
      schema:
        type: string
  responses:
    AuditLogList:
      description: A paginated list of audit log entries.
      content:
        application/json:
          schema:
            type: object
            required:
              - logs
              - pagination
            properties:
              logs:
                type: array
                items:
                  $ref: '#/components/schemas/AuditLog'
                description: A list of audit log entries, newest first.
              pagination:
                $ref: '#/components/schemas/PaginationMetadata'
                description: Pagination metadata for cursor-based navigation.
          example:
            logs:
              - id: QXVkaXRMb2c6NDI=
                user_id: VXNlcjoxMjM0NQ==
                ip: 1.2.3.4
                operation_type: MUTATION
                operation_name: createAiIntegration
                operation_text: mutation createAiIntegration { ... }
                variables: '{}'
                created_at: '2026-05-18T12:00:00.000Z'
            pagination:
              next_cursor: eyJjcmVhdGVkQXQiOiIyMDI2LTA1LTE4VDEyOjAwOjAwLjAwMFoiLCJpZCI6NDJ9
              has_more: true
    BadRequest:
      description: Invalid request
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Problem'
          example:
            status: 400
            title: Invalid request parameters
            detail: The 'name' field is required and must be a non-empty string.
            instance: /resource
            type: https://arize.com/docs/ax/rest-reference/errors#invalid-request
    Unauthorized:
      description: Authentication is required
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Problem'
          example:
            status: 401
            title: Authentication required
            detail: You must be authenticated to access this resource.
            instance: /resource
            type: >-
              https://arize.com/docs/ax/rest-reference/errors#authentication-required
    Forbidden:
      description: Insufficient permissions to access this resource
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Problem'
          example:
            status: 403
            title: Access forbidden
            detail: You do not have permission to access this resource.
            instance: /resource/12345
            type: https://arize.com/docs/ax/rest-reference/errors#access-forbidden
    RateLimitExceeded:
      description: Rate limit exceeded
      headers:
        Retry-After:
          description: |
            When throttled (429), how long to wait before retrying. Value is
            either a delta-seconds integer.
          schema:
            type: integer
            minimum: 0
          example: 42
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Problem'
          example:
            status: 429
            title: Rate limit exceeded
            detail: >-
              You have exceeded the allowed number of requests. Please try again
              later.
            instance: /resource
            type: >-
              https://arize.com/docs/ax/rest-reference/errors#rate-limit-exceeded
  schemas:
    Id:
      type: string
      description: A universally unique identifier (base64-encoded opaque string).
      example: RW50aXR5OjEyMzQ1
    AuditLogOperationType:
      type: string
      enum:
        - QUERY
        - MUTATION
        - SUBSCRIPTION
      description: The type of operation that was audited.
    AuditLog:
      type: object
      description: A single audit log entry recording an authenticated user action.
      required:
        - id
        - user_id
        - ip
        - operation_type
        - created_at
      properties:
        id:
          $ref: '#/components/schemas/Id'
          description: The base64-encoded opaque identifier of the audit log entry.
          example: QXVkaXRMb2c6NDI=
        user_id:
          $ref: '#/components/schemas/Id'
          description: The global identifier of the user who performed the action.
          example: VXNlcjoxMjM0NQ==
        ip:
          type: string
          description: The IP address from which the request originated.
          example: 1.2.3.4
        operation_type:
          $ref: '#/components/schemas/AuditLogOperationType'
        operation_name:
          type: string
          nullable: true
          description: The name of the GraphQL operation or REST endpoint.
          example: createAiIntegration
        operation_text:
          type: string
          nullable: true
          description: >-
            The full text of the operation (query or mutation body, or REST
            request body).
          example: mutation createAiIntegration { ... }
        variables:
          type: string
          nullable: true
          description: JSON-serialized variables passed with the operation.
          example: '{}'
        created_at:
          type: string
          format: date-time
          description: ISO 8601 timestamp when the action was recorded.
          example: '2026-05-18T12:00:00.000Z'
      additionalProperties: false
    PaginationMetadata:
      required:
        - has_more
      type: object
      properties:
        next_cursor:
          type: string
          description: >
            Opaque cursor for fetching the next page. Treat as an unreadable
            token.

            Present when `has_more` is true; omitted when `has_more` is false.
        has_more:
          type: boolean
          description: True if another page of results is available.
      description: |
        Cursor-based pagination metadata. Use `next_cursor` in the subsequent
        request's `cursor` query parameter.
      additionalProperties: false
    Problem:
      type: object
      description: RFC 9457 Problem Details
      properties:
        title:
          type: string
          description: A short, human-readable summary of the problem type
        status:
          type: integer
          description: >-
            The HTTP status code generated by the origin server for this
            occurrence of the problem
        type:
          type: string
          format: uri-reference
          description: A URI reference that identifies the problem type
        detail:
          type: string
          description: >-
            A human-readable explanation specific to this occurrence of the
            problem
        instance:
          type: string
          format: uri-reference
          description: >-
            A URI reference that identifies the specific occurrence of the
            problem
      required:
        - title
        - status
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: <api-key>
      description: >
        Most Arize AI endpoints require authentication. For those endpoints that
        require authentication, include your API key in the request header using
        the format

        ``` Authorization: Bearer <api-key>

        ```

````