Export Org Audit Logs Report

How to export an organization-wide audit logs report using the exportOrgAuditLogsReport GraphQL mutation

⚠️

BETA - This API is currently in beta testing. If you encounter issues or have feedback, contact our support team.

Overview

The exportOrgAuditLogsReport mutation creates an asynchronous export job that fetches audit log activity across an entire organization and delivers a downloadable report file. You can filter by activity type, date range, and user, and choose between CSV and JSONL output formats.

The export is delivered in one of two ways:

  • Email (default): a download link is sent to the requesting user's email once processing is complete.
  • Webhook: a push notification is sent to the configured org-level webhook endpoint as soon as processing completes. The download URL is available via the auditLogExportRequest query using the correlationId.

📘

Looking for pipe-level audit log exports?

Use exportPipeAuditLogsReport to export audit logs scoped to a single pipe.

Prerequisites

  1. Authentication: Use a Service Account token (Personal Access Tokens are deprecated).
  2. Permissions: The authenticated user must have the organization admin role on the target organization.
  3. Organization UUID: You must know the UUID of the organization. See Get resource IDs.

Mutation Reference

Full signature

mutation ExportOrgAuditLogsReport(
  $orgUuid: ID!
  $auditLogType: AuditLogTypeEnum
  $outputFormat: AuditLogOutputFormat
  $deliveryMethod: AuditLogDeliveryMethod
  $searchTerm: String
  $filterDateFrom: DateTime
  $filterDateTo: DateTime
) {
  exportOrgAuditLogsReport(input: {
    orgUuid: $orgUuid
    auditLogType: $auditLogType
    outputFormat: $outputFormat
    deliveryMethod: $deliveryMethod
    searchTerm: $searchTerm
    filterDateFrom: $filterDateFrom
    filterDateTo: $filterDateTo
  }) {
    success
    correlationId
    warning
  }
}

Arguments

ArgumentTypeRequiredDefaultDescription
orgUuidIDYesUUID of the organization
auditLogTypeAuditLogTypeEnumNonull (all)Scope export to a specific activity type
outputFormatAuditLogOutputFormatNoCSVFile format for the exported report
deliveryMethodAuditLogDeliveryMethodNoEMAILHow the export is delivered
searchTermStringNo""Filter logs by user name or email (case-insensitive)
filterDateFromDateTimeNo30 days ago (beginning of day)Start of the date range (inclusive)
filterDateToDateTimeNoYesterday (end of day)End of the date range (inclusive)

AuditLogTypeEnum values

ValueDescription
card_activityActivities related to card execution across all pipes in the organization
configuration_changesActivities related to pipe and organization configuration changes
(omitted)All activity types

AuditLogOutputFormat values

ValueDescription
CSVComma-separated values with UTF-8 BOM header
JSONLJSON Lines — one JSON object per line ({ "user": ..., "action": ..., "date": ... })

AuditLogDeliveryMethod values

ValueDescription
EMAILA download link is sent to the user's email when the export is ready
WEBHOOKA push notification is sent to the configured org-level webhook endpoint; the download URL is retrievable via the auditLogExportRequest query

Response fields

FieldTypeDescription
successBooleantrue if the export job was created successfully
correlationIdIDUnique identifier for this export request. Use it to poll the auditLogExportRequest query when deliveryMethod is WEBHOOK
warningStringPresent when deliveryMethod is WEBHOOK but no org-level webhook is configured for audit_log.export_finished. null otherwise

Business Rules

Date range

  • filterDateFrom is normalized to the beginning of the day (00:00:00).
  • filterDateTo is normalized to the end of the day (23:59:59).
  • filterDateTo must be after filterDateFrom.
  • filterDateTo cannot be in the future.
  • The maximum range between filterDateFrom and filterDateTo is 30 days.
  • filterDateFrom cannot be older than 180 days from today.

Rate limit

Each user can create at most 6 export requests per day. Exceeding this limit returns a UsageLimitExceededError.

Webhook warning

When deliveryMethod is WEBHOOK and no org-level webhook is configured for the audit_log.export_finished action, the mutation still succeeds — the export job is created — but the warning field is populated to alert the caller that no push notification will be sent. Configure an org webhook before requesting webhook delivery to avoid this.


Query Reference — auditLogExportRequest

Use this query to retrieve the full details of an export request by its correlationId.

Signature

query AuditLogExportRequest($correlationId: ID!) {
  auditLogExportRequest(correlationId: $correlationId) {
    correlationId
    status
    outputFormat
    deliveryMethod
    signedUrl
    signedUrlExpiresAt
    dateFrom
    dateTo
    observation
    pipe {
      id
      uuid
      name
    }
  }
}

📘

Note

For org-scoped exports, the pipe field always returns null. Request it only if your code also handles pipe-scoped exports using the same query.

Arguments

ArgumentTypeRequiredDescription
correlationIdIDYesReturned by exportOrgAuditLogsReport

Response fields

FieldTypeDescription
correlationIdIDUnique identifier for this export request
statusAuditLogExportStatusPROCESSING, FINISHED, or FAILED
outputFormatAuditLogOutputFormatCSV or JSONL
deliveryMethodAuditLogDeliveryMethodEMAIL or WEBHOOK
signedUrlStringPre-signed download URL — present only when status is FINISHED and deliveryMethod is WEBHOOK
signedUrlExpiresAtDateTimeExpiration of the signed URL (up to 7 days)
dateFrom / dateToDateTimeDate range that was exported
observationStringError message — present only when status is FAILED
pipeobjectAlways null for org-scoped exports

Usage Examples

Minimal — email delivery, all activities, last 30 days

mutation {
  exportOrgAuditLogsReport(input: {
    orgUuid: "12345678-1234-1234-1234-123456789abc"
  }) {
    success
    correlationId
  }
}
{
  "data": {
    "exportOrgAuditLogsReport": {
      "success": true,
      "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
    }
  }
}

Filter by activity type and date range

mutation ExportOrgAuditLogsReport(
  $orgUuid: ID!
  $auditLogType: AuditLogTypeEnum
  $filterDateFrom: DateTime
  $filterDateTo: DateTime
) {
  exportOrgAuditLogsReport(input: {
    orgUuid: $orgUuid
    auditLogType: $auditLogType
    filterDateFrom: $filterDateFrom
    filterDateTo: $filterDateTo
  }) {
    success
    correlationId
  }
}
{
  "orgUuid": "12345678-1234-1234-1234-123456789abc",
  "auditLogType": "card_activity",
  "filterDateFrom": "2026-05-01T00:00:00Z",
  "filterDateTo": "2026-05-30T23:59:59Z"
}

Filter by user

mutation ExportOrgAuditLogsReport(
  $orgUuid: ID!
  $searchTerm: String
) {
  exportOrgAuditLogsReport(input: {
    orgUuid: $orgUuid
    searchTerm: $searchTerm
  }) {
    success
    correlationId
  }
}
{
  "orgUuid": "12345678-1234-1234-1234-123456789abc",
  "searchTerm": "[email protected]"
}

Webhook delivery

The delivery method is independent of the output format — WEBHOOK works with either CSV or JSONL. The example below uses JSONL, but CSV behaves the same way.

When deliveryMethod is WEBHOOK, the signed download URL is not sent by email. You can retrieve it in two ways:

  • Polling: query auditLogExportRequest using the correlationId until status is finished, then read signedUrl for the download link.
  • Push notification: configure an org-level webhook with action audit_log.export_finished to receive an HTTP POST as soon as processing completes. The payload contains only correlation_id (and details on failure) — use it to fetch the full export details, including signedUrl, via auditLogExportRequest. See Org Audit Log Export Finished for the full payload reference.

Step 1 — Request the export

mutation ExportOrgAuditLogsReport(
  $orgUuid: ID!
  $outputFormat: AuditLogOutputFormat
  $deliveryMethod: AuditLogDeliveryMethod
) {
  exportOrgAuditLogsReport(input: {
    orgUuid: $orgUuid
    outputFormat: $outputFormat
    deliveryMethod: $deliveryMethod
  }) {
    success
    correlationId
    warning
  }
}
{
  "orgUuid": "12345678-1234-1234-1234-123456789abc",
  "outputFormat": "JSONL",
  "deliveryMethod": "WEBHOOK"
}

📘

Check the warning field

If warning is present in the response, no push notification will be sent because no org-level webhook is configured for audit_log.export_finished. Configure the webhook and re-run the mutation.

Step 2 — Poll for status and signed URL

query AuditLogExportRequest($correlationId: ID!) {
  auditLogExportRequest(correlationId: $correlationId) {
    status
    signedUrl
    signedUrlExpiresAt
  }
}
{
  "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Poll until status is finished. The signedUrl field will contain the pre-signed download URL, valid for up to 7 days.


Export File Structure

Each export contains the following columns regardless of the output format:

ColumnDescription
userName of the user who performed the action
actionLocalized description of the action
dateTimestamp of the action (ISO 8601)

CSV example

User,Action,Date
John Doe,Created card "Q3 Review",2026-05-15T14:32:00Z
Jane Smith,Changed the role of "Alex" from "Viewer" to "Editor" in the "Onboarding" pipe,2026-05-15T15:10:00Z

JSONL example

{"user":"John Doe","action":"Created card \"Q3 Review\"","date":"2026-05-15T14:32:00Z"}
{"user":"Jane Smith","action":"Changed the role of \"Alex\" from \"Viewer\" to \"Editor\" in the \"Onboarding\" pipe","date":"2026-05-15T15:10:00Z"}

Error Handling

Common error scenarios

ScenarioError typeMessage
User is not an organization adminPermission deniedPermission denied
filterDateTo before filterDateFromInvalidInputErrorfilter_date_to must be after filter_date_from
Date range exceeds 30 daysInvalidInputErrordate range cannot exceed 30 days
filterDateFrom older than 180 daysInvalidInputErrorfilter_date_from cannot be older than 180 days
filterDateTo in the futureInvalidInputErrorfilter_date_to cannot be in the future
Daily request limit reachedUsageLimitExceededErrorYou've reached the daily limit for audit log export requests...

Error response shape

{
  "data": {
    "exportOrgAuditLogsReport": null
  },
  "errors": [
    {
      "message": "filter_date_to must be after filter_date_from",
      "locations": [{ "line": 2, "column": 3 }],
      "path": ["exportOrgAuditLogsReport"]
    }
  ]
}