Account audits API - GET account audits

Latest Dynatrace
Reference
Published Mar 31, 2026

Gets a list of account-level audit logs assigned to an account.

The request produces an application/json payload.


GET	`https://api.dynatrace.com/audit/v1/accounts/{accountUuid}`

Authentication

To execute this request, you need the Allow read access for identity resources (users and groups) (account-idm-read) scope assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

Parameter	Type	Description	In	Required
accountUuid	string	The ID of the required account. You can find the UUID on the Account Management > Identity & access management > OAuth clients page, during creation of an OAuth client.	path	Required
startTime	string	The start of the requested timeframe Supports absolute timestamps (ISO-8601 or Unix epoch in milliseconds) and relative timestamps (e.g., now()-2d). If using a relative timestamp, it follows the format [now()][-\|+], where now() represents the current time and the offset specifies a duration (e.g., d for days or h for hours).	query	Optional
endTime	string	The end of the requested timeframe. Supports absolute timestamps (ISO-8601 or Unix epoch in milliseconds) and relative timestamps (e.g., now()-2d). If using a relative timestamp, it follows the format [now()][-\|+], where now() represents the current time and the offset specifies a duration (e.g., d for days or h for hours).	query	Optional
addFields	string[]	Comma separated list of additional fields to be included in the response.	query	Optional
filter	-	Additional filter to be included in the request. Supported fields are: Expressions can be combined with boolean operators and, or and not. Example: (resourceName contains 'user' and resource = 'Policy') or not (resourceName starts-with 'test').	query	Optional
limit	-	The maximum number of audit entries to return.	query	Optional
scanLimitGigabyte	-	Limit in gigabytes for the amount of data that will be scanned during read.	query	Optional
resultSizeLimitMegabyte	-	The maximum size of the result set, in megabytes, that will be returned.	query	Optional

Response

Response codes

Code	Type	Description
200	AuditsByAccountDto	Success. The response contains a list of all account level audit entries for the provided query.
400	-	The request was unacceptable, often due to missing a required parameter
401	-	No valid session provided
403	-	Access denied
500	-	Something went wrong on Account Management's end

Response body objects

The `AuditsByAccountDto` object

Element	Type	Description
audits	AuditDto[]	A list of audit records for the account.
warnings	AuditWarningDto[]	A list of warning messages related to the request.

The `AuditDto` object

Element	Type	Description
eventId	string	The ID of the event.
timestamp	string	The timestamp of the audit event (in UTC).
user	string	The email address of the user that performed the operation or DYNATRACE in case the operation was performed by an Dynatrace internal employee.
resource	string	The resource (entity) affected by the operation.
resourceName	string	The name of the resource.
eventProvider	string	Display name of the system that created the event.
eventType	string	The type of the event.
accountUuid	string	The unique identifier of the account.
authenticationClientId	string	The client ID used for authentication.
authenticationGrantType	string	The type of grant used for authentication.
authenticationToken	string	The token used for authentication.
authenticationType	string	The type of authentication used.
details	object	A map that contains additional fields.
eventOutcome	string	If the operation was successful or failed.
eventReason	string	Optional reason for the change.
eventVersion	string	The version of the audit event.
originAddress	string	The originating address of the request.
originSession	string	The session ID of the origin.
originType	string	The origin type of the request
originXForwardedFor	string	The X-Forwarded-For header value from the origin.
resourceId	string	The unique identifier of the resource.
tenantId	string	The unique identifier of the tenant.
userOrganization	string	Organization of the user that performed the operation.

The `AuditWarningDto` object

Element	Type	Description
message	string	A warning message related to the request.

Response body JSON models

{
  "audits": [
    {
      "eventId": "af1f98c9-c611-4056-841b-d039b1af3f98",
      "timestamp": "string",
      "user": "user@company.com",
      "resource": "POLICY",
      "resourceName": "Standard User",
      "eventProvider": "Identity & Account Management",
      "eventType": "CREATE",
      "accountUuid": "6b929f34-bf86-47c6-8a67-4de81011affc",
      "authenticationClientId": "string",
      "authenticationGrantType": "AUTHORIZATION_CODE",
      "authenticationToken": "string",
      "authenticationType": "OAUTH2",
      "details": {
        "json_before": "{property: \"value_old\"}",
        "json_after": "{property: \"value_new\"}"
      },
      "eventOutcome": "SUCCESS",
      "eventReason": "string",
      "eventVersion": "1.0.0",
      "originAddress": "0.0.0.0",
      "originSession": "string",
      "originType": "REST",
      "originXForwardedFor": "192.168.1.1",
      "resourceId": "fc2adb60-5291-43bb-b759-03985ef9a5b0",
      "tenantId": "bfe96125",
      "userOrganization": "CUSTOMER"
    }
  ],
  "warnings": [
    {
      "message": "Your result has been limited to 1."
    }
  ]
}

Example

In this example, the request lists the account audit logs assigned to the accountUuid lk4oo10f-0a5t-566f-gn4f-56hy08c4hh89.

Curl

curl -X 'GET' \
   'https://api.dynatrace.com/audit/v1/accounts/lk4oo10f-0a5t-566f-gn4f-56hy08c4hh89?limit=50&scanLimitGigabyte=500&resultSizeLimitMegabyte=2' \
   -H 'accept: application/json' \
   -H 'Authorization: Bearer eywedGciOiJFUzI1NiIsInR7cCI6IkpCDVIsImtpZCI6IjEifQ'

Request URL

https://api.dynatrace.com/audit/v1/accounts/lk4oo10f-0a5t-566f-gn4f-56hy08c4hh89?limit=50&scanLimitGigabyte=500&resultSizeLimitMegabyte=2

Response body

{
  "audits": [
    {
      "eventId": "af1f90c9-c667-6789-841b-d039b1rt3f98",
      "timestamp": "2026-03-26T15:25:41.893Z",
      "user": "user@company.com",
      "resource": "POLICY",
      "resourceName": "Standard User",
      "eventProvider": "Identity & Account Management",
      "eventType": "CREATE",
      "accountUuid": "lk4oo10f-0a5t-566f-gn4f-56hy08c4hh89",
      "authenticationClientId": "string",
      "authenticationGrantType": "AUTHORIZATION_CODE",
      "authenticationToken": "string",
      "authenticationType": "OAUTH2",
      "details": {
        "json_before": "{property: \"value_old\"}",
        "json_after": "{property: \"value_new\"}"
      },
      "eventOutcome": "SUCCESS",
      "eventReason": "string",
      "eventVersion": "1.0.0",
      "originAddress": "0.0.0.0",
      "originSession": "string",
      "originType": "REST",
      "originXForwardedFor": "192.168.1.1",
      "resourceId": "th2adb56-5291-56hj-b759-03475ef9a5b0",
      "tenantId": "rty45156",
      "userOrganization": "CUSTOMER"
    }
  ],
  "warnings": [
    {
      "message": "Your result has been limited to 1."
    }
  ]
}

Response code

200