How to export an organization-wide audit logs report using the exportOrgAuditLogsReport GraphQL mutation
BETA - This API is currently in beta testing. If you encounter issues or have feedback, contact our support team.
Overview
The exportOrgAuditLogsReport mutation creates an asynchronous export job that fetches audit log activity across an entire organization and delivers a downloadable report file. You can filter by activity type, date range, and user, and choose between CSV and JSONL output formats.
The export is delivered in one of two ways:
- Email (default): a download link is sent to the requesting user's email once processing is complete.
- Webhook: a push notification is sent to the configured org-level webhook endpoint as soon as processing completes. The download URL is available via the
auditLogExportRequestquery using thecorrelationId.
Looking for pipe-level audit log exports?
Use
exportPipeAuditLogsReportto export audit logs scoped to a single pipe.
Prerequisites
- Authentication: Use a Service Account token (Personal Access Tokens are deprecated).
- Permissions: The authenticated user must have the organization admin role on the target organization.
- Organization UUID: You must know the UUID of the organization. See Get resource IDs.
Mutation Reference
Full signature
mutation ExportOrgAuditLogsReport(
$orgUuid: ID!
$auditLogType: AuditLogTypeEnum
$outputFormat: AuditLogOutputFormat
$deliveryMethod: AuditLogDeliveryMethod
$searchTerm: String
$filterDateFrom: DateTime
$filterDateTo: DateTime
) {
exportOrgAuditLogsReport(input: {
orgUuid: $orgUuid
auditLogType: $auditLogType
outputFormat: $outputFormat
deliveryMethod: $deliveryMethod
searchTerm: $searchTerm
filterDateFrom: $filterDateFrom
filterDateTo: $filterDateTo
}) {
success
correlationId
warning
}
}
Arguments
| Argument | Type | Required | Default | Description |
|---|---|---|---|---|
orgUuid | ID | Yes | — | UUID of the organization |
auditLogType | AuditLogTypeEnum | No | null (all) | Scope export to a specific activity type |
outputFormat | AuditLogOutputFormat | No | CSV | File format for the exported report |
deliveryMethod | AuditLogDeliveryMethod | No | EMAIL | How the export is delivered |
searchTerm | String | No | "" | Filter logs by user name or email (case-insensitive) |
filterDateFrom | DateTime | No | 30 days ago (beginning of day) | Start of the date range (inclusive) |
filterDateTo | DateTime | No | Yesterday (end of day) | End of the date range (inclusive) |
AuditLogTypeEnum values
AuditLogTypeEnum values| Value | Description |
|---|---|
card_activity | Activities related to card execution across all pipes in the organization |
configuration_changes | Activities related to pipe and organization configuration changes |
| (omitted) | All activity types |
AuditLogOutputFormat values
AuditLogOutputFormat values| Value | Description |
|---|---|
CSV | Comma-separated values with UTF-8 BOM header |
JSONL | JSON Lines — one JSON object per line ({ "user": ..., "action": ..., "date": ... }) |
AuditLogDeliveryMethod values
AuditLogDeliveryMethod values| Value | Description |
|---|---|
EMAIL | A download link is sent to the user's email when the export is ready |
WEBHOOK | A push notification is sent to the configured org-level webhook endpoint; the download URL is retrievable via the auditLogExportRequest query |
Response fields
| Field | Type | Description |
|---|---|---|
success | Boolean | true if the export job was created successfully |
correlationId | ID | Unique identifier for this export request. Use it to poll the auditLogExportRequest query when deliveryMethod is WEBHOOK |
warning | String | Present when deliveryMethod is WEBHOOK but no org-level webhook is configured for audit_log.export_finished. null otherwise |
Business Rules
Date range
filterDateFromis normalized to the beginning of the day (00:00:00).filterDateTois normalized to the end of the day (23:59:59).filterDateTomust be afterfilterDateFrom.filterDateTocannot be in the future.- The maximum range between
filterDateFromandfilterDateTois 30 days. filterDateFromcannot be older than 180 days from today.
Rate limit
Each user can create at most 6 export requests per day. Exceeding this limit returns a UsageLimitExceededError.
Webhook warning
When deliveryMethod is WEBHOOK and no org-level webhook is configured for the audit_log.export_finished action, the mutation still succeeds — the export job is created — but the warning field is populated to alert the caller that no push notification will be sent. Configure an org webhook before requesting webhook delivery to avoid this.
Query Reference — auditLogExportRequest
Use this query to retrieve the full details of an export request by its correlationId.
Signature
query AuditLogExportRequest($correlationId: ID!) {
auditLogExportRequest(correlationId: $correlationId) {
correlationId
status
outputFormat
deliveryMethod
signedUrl
signedUrlExpiresAt
dateFrom
dateTo
observation
pipe {
id
uuid
name
}
}
}
Note
For org-scoped exports, the
pipefield always returnsnull. Request it only if your code also handles pipe-scoped exports using the same query.
Arguments
| Argument | Type | Required | Description |
|---|---|---|---|
correlationId | ID | Yes | Returned by exportOrgAuditLogsReport |
Response fields
| Field | Type | Description |
|---|---|---|
correlationId | ID | Unique identifier for this export request |
status | AuditLogExportStatus | PROCESSING, FINISHED, or FAILED |
outputFormat | AuditLogOutputFormat | CSV or JSONL |
deliveryMethod | AuditLogDeliveryMethod | EMAIL or WEBHOOK |
signedUrl | String | Pre-signed download URL — present only when status is FINISHED and deliveryMethod is WEBHOOK |
signedUrlExpiresAt | DateTime | Expiration of the signed URL (up to 7 days) |
dateFrom / dateTo | DateTime | Date range that was exported |
observation | String | Error message — present only when status is FAILED |
pipe | object | Always null for org-scoped exports |
Usage Examples
Minimal — email delivery, all activities, last 30 days
mutation {
exportOrgAuditLogsReport(input: {
orgUuid: "12345678-1234-1234-1234-123456789abc"
}) {
success
correlationId
}
}
{
"data": {
"exportOrgAuditLogsReport": {
"success": true,
"correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
}
}
Filter by activity type and date range
mutation ExportOrgAuditLogsReport(
$orgUuid: ID!
$auditLogType: AuditLogTypeEnum
$filterDateFrom: DateTime
$filterDateTo: DateTime
) {
exportOrgAuditLogsReport(input: {
orgUuid: $orgUuid
auditLogType: $auditLogType
filterDateFrom: $filterDateFrom
filterDateTo: $filterDateTo
}) {
success
correlationId
}
}
{
"orgUuid": "12345678-1234-1234-1234-123456789abc",
"auditLogType": "card_activity",
"filterDateFrom": "2026-05-01T00:00:00Z",
"filterDateTo": "2026-05-30T23:59:59Z"
}
Filter by user
mutation ExportOrgAuditLogsReport(
$orgUuid: ID!
$searchTerm: String
) {
exportOrgAuditLogsReport(input: {
orgUuid: $orgUuid
searchTerm: $searchTerm
}) {
success
correlationId
}
}
{
"orgUuid": "12345678-1234-1234-1234-123456789abc",
"searchTerm": "[email protected]"
}
Webhook delivery
The delivery method is independent of the output format — WEBHOOK works with either CSV or JSONL. The example below uses JSONL, but CSV behaves the same way.
When deliveryMethod is WEBHOOK, the signed download URL is not sent by email. You can retrieve it in two ways:
- Polling: query
auditLogExportRequestusing thecorrelationIduntilstatusisfinished, then readsignedUrlfor the download link. - Push notification: configure an org-level webhook with action
audit_log.export_finishedto receive an HTTP POST as soon as processing completes. The payload contains onlycorrelation_id(anddetailson failure) — use it to fetch the full export details, includingsignedUrl, viaauditLogExportRequest. See Org Audit Log Export Finished for the full payload reference.
Step 1 — Request the export
mutation ExportOrgAuditLogsReport(
$orgUuid: ID!
$outputFormat: AuditLogOutputFormat
$deliveryMethod: AuditLogDeliveryMethod
) {
exportOrgAuditLogsReport(input: {
orgUuid: $orgUuid
outputFormat: $outputFormat
deliveryMethod: $deliveryMethod
}) {
success
correlationId
warning
}
}
{
"orgUuid": "12345678-1234-1234-1234-123456789abc",
"outputFormat": "JSONL",
"deliveryMethod": "WEBHOOK"
}
Check the
warningfieldIf
warningis present in the response, no push notification will be sent because no org-level webhook is configured foraudit_log.export_finished. Configure the webhook and re-run the mutation.
Step 2 — Poll for status and signed URL
query AuditLogExportRequest($correlationId: ID!) {
auditLogExportRequest(correlationId: $correlationId) {
status
signedUrl
signedUrlExpiresAt
}
}
{
"correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
Poll until status is finished. The signedUrl field will contain the pre-signed download URL, valid for up to 7 days.
Export File Structure
Each export contains the following columns regardless of the output format:
| Column | Description |
|---|---|
user | Name of the user who performed the action |
action | Localized description of the action |
date | Timestamp of the action (ISO 8601) |
CSV example
User,Action,Date
John Doe,Created card "Q3 Review",2026-05-15T14:32:00Z
Jane Smith,Changed the role of "Alex" from "Viewer" to "Editor" in the "Onboarding" pipe,2026-05-15T15:10:00Z
JSONL example
{"user":"John Doe","action":"Created card \"Q3 Review\"","date":"2026-05-15T14:32:00Z"}
{"user":"Jane Smith","action":"Changed the role of \"Alex\" from \"Viewer\" to \"Editor\" in the \"Onboarding\" pipe","date":"2026-05-15T15:10:00Z"}
Error Handling
Common error scenarios
| Scenario | Error type | Message |
|---|---|---|
| User is not an organization admin | Permission denied | Permission denied |
filterDateTo before filterDateFrom | InvalidInputError | filter_date_to must be after filter_date_from |
| Date range exceeds 30 days | InvalidInputError | date range cannot exceed 30 days |
filterDateFrom older than 180 days | InvalidInputError | filter_date_from cannot be older than 180 days |
filterDateTo in the future | InvalidInputError | filter_date_to cannot be in the future |
| Daily request limit reached | UsageLimitExceededError | You've reached the daily limit for audit log export requests... |
Error response shape
{
"data": {
"exportOrgAuditLogsReport": null
},
"errors": [
{
"message": "filter_date_to must be after filter_date_from",
"locations": [{ "line": 2, "column": 3 }],
"path": ["exportOrgAuditLogsReport"]
}
]
}

