An Audit Log Event represents a notable action taken within your application. Each event captures what happened, who did it, what was affected, and contextual information about when and where it occurred.
Create an Audit Log Event.
This API supports idempotency which guarantees that performing the same operation multiple times will have the same result as if the operation were performed only once. This is handy in situations where you may need to retry a request due to a failure or prevent accidental duplicate requests from creating more than one resource.
To achieve idempotency, you can add Idempotency-Key request header to a Create Event request with a unique string as the value. Each subsequent request matching this unique string will return the same response. We suggest using v4 UUIDs for idempotency keys to avoid collisions.
Idempotency keys expire after 24 hours. The API will generate a new response if you submit a request with an expired key.
curl --request POST \ --url https://api.workos.com/audit_logs/events \ --header "Authorization: Bearer sk_example_123456789" \ --header "Content-Type: application/json" \ --header "Idempotency-Key: 884793cd-bef4-46cf-8790-e3d4957a09ce" \ -d @- <<BODY { "organization_id": "org_01EHWNCE74X7JSDV0X3SZ3KJNY", "event": { "action": "user.signed_in", "occurred_at": "2022-09-02T16:35:39.317Z", "version": 1, "actor": { "type": "user", "id": "user_TF4C5938", "metadata": { "role": "admin" } }, "targets": [ { "type": "user", "id": "user_98432YHF", "name": "Jon Smith" }, { "type": "team", "id": "team_J8YASKA2", "metadata": { "owner": "user_01GBTCQ2" } } ], "context": { "location": "123.123.123.123", "user_agent": "Chrome/104.0.0.0" }, "metadata": { "extra": "data" } } } BODY
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); await workos.auditLogs.createEvent( 'org_01EHWNCE74X7JSDV0X3SZ3KJNY', { action: 'user.signed_in', occurredAt: new Date(), version: 1, actor: { type: 'user', id: 'user_TF4C5938', name: 'Jon Smith', metadata: { role: 'admin', }, }, targets: [ { type: 'user', id: 'user_98432YHF', name: 'Jon Smith', }, { type: 'team', id: 'team_J8YASKA2', metadata: { owner: 'user_01GBTCQ2', }, }, ], context: { location: '1.1.1.1', userAgent: 'Chrome/104.0.0.0', }, metadata: { extra: 'data', }, }, { idempotencyKey: '884793cd-bef4-46cf-8790-ed49257a09c6', }, );
require "workos" WorkOS.configure do |config| config.api_key = "sk_example_123456789" end WorkOS.client.audit_logs.create_event( organization_id: "org_01EHWNCE74X7JSDV0X3SZ3KJNY", event: { action: "user.signed_in", occurred_at: "2026-02-02T16:35:39.317Z", actor: { id: "user_TF4C5938", type: "user", name: "Jon Smith", metadata: { owner: "user_01GBTCQ2" } }, targets: [ { id: "user_TF4C5938", type: "user", name: "Jon Smith", metadata: { owner: "user_01GBTCQ2" } } ], context: { location: "123.123.123.123", user_agent: "Chrome/104.0.0.0" }, metadata: { owner: "user_01GBTCQ2" }, version: 1 } )
from workos import WorkOSClient client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") client.audit_logs.create_event( organization_id="org_01EHWNCE74X7JSDV0X3SZ3KJNY", event={ "action": "user.signed_in", "occurred_at": "2026-02-02T16:35:39.317Z", "actor": { "id": "user_TF4C5938", "type": "user", "name": "Jon Smith", "metadata": {"owner": "user_01GBTCQ2"}, }, "targets": [ { "id": "user_TF4C5938", "type": "user", "name": "Jon Smith", "metadata": {"owner": "user_01GBTCQ2"}, } ], "context": {"location": "123.123.123.123", "user_agent": "Chrome/104.0.0.0"}, "metadata": {"owner": "user_01GBTCQ2"}, "version": 1, }, )
package main import ( "context" "github.com/workos/workos-go/v9" ) func main() { client := workos.NewClient("sk_example_123456789") _, err := client.AuditLogs().CreateEvent(context.Background(), &workos.AuditLogsCreateEventParams{ OrganizationID: "org_01EHWNCE74X7JSDV0X3SZ3KJNY", Event: map[string]any{ "action": "user.signed_in", "occurred_at": "2026-02-02T16:35:39.317Z", "actor": map[string]any{ "id": "user_TF4C5938", "type": "user", "name": "Jon Smith", "metadata": map[string]any{"owner": "user_01GBTCQ2"}, }, "targets": []any{ map[string]any{ "id": "user_TF4C5938", "type": "user", "name": "Jon Smith", "metadata": map[string]any{"owner": "user_01GBTCQ2"}, }, }, "context": map[string]any{"location": "123.123.123.123", "user_agent": "Chrome/104.0.0.0"}, "metadata": map[string]any{"owner": "user_01GBTCQ2"}, "version": 1, }, }) if err != nil { panic(err) } }
<?php use WorkOS\WorkOS; $workos = new WorkOS( apiKey: "sk_example_123456789", clientId: "client_123456789", ); $workos->auditLogs()->createEvent( organizationId: "org_01EHWNCE74X7JSDV0X3SZ3KJNY", event: [ "action" => "user.signed_in", "occurred_at" => "2026-02-02T16:35:39.317Z", "actor" => [ "id" => "user_TF4C5938", "type" => "user", "name" => "Jon Smith", "metadata" => ["owner" => "user_01GBTCQ2"], ], "targets" => [ [ "id" => "user_TF4C5938", "type" => "user", "name" => "Jon Smith", "metadata" => ["owner" => "user_01GBTCQ2"], ], ], "context" => [ "location" => "123.123.123.123", "user_agent" => "Chrome/104.0.0.0", ], "metadata" => ["owner" => "user_01GBTCQ2"], "version" => 1, ], );
import com.workos.WorkOS; import com.workos.auditlogs.AuditLogsApi.CreateEventOptions; WorkOS workos = new WorkOS("sk_example_123456789"); CreateEventOptions options = CreateEventOptions.builder() .organizationId("org_01EHWNCE74X7JSDV0X3SZ3KJNY") .event(Map.of("action", "user.signed_in", "occurred_at", "2026-02-02T16:35:39.317Z", "actor", Map.of("id", "user_TF4C5938", "type", "user", "name", "Jon Smith", "metadata", Map.of("owner", "user_01GBTCQ2")), "targets", List.of(Map.of("id", "user_TF4C5938", "type", "user", "name", "Jon Smith", "metadata", Map.of("owner", "user_01GBTCQ2"))), "context", Map.of("location", "123.123.123.123", "user_agent", "Chrome/104.0.0.0"), "metadata", Map.of("owner", "user_01GBTCQ2"), "version", 1)) .build(); workos.auditLogs.createEvent(options);
using WorkOS; var client = new WorkOSClient(new WorkOSOptions { ApiKey = "sk_example_123456789", ClientId = "client_123456789", }); await client.AuditLogs.CreateEventAsync(new AuditLogsCreateEventOptions { OrganizationId = "org_01EHWNCE74X7JSDV0X3SZ3KJNY", Event = new Dictionary<string, object> { { "action", "user.signed_in" }, { "occurred_at", "2026-02-02T16:35:39.317Z" }, { "actor", new Dictionary<string, object> { { "id", "user_TF4C5938" }, { "type", "user" }, { "name", "Jon Smith" }, { "metadata", new Dictionary<string, object> { { "owner", "user_01GBTCQ2" }, } }, } }, { "targets", new[] { new Dictionary<string, object> { { "id", "user_TF4C5938" }, { "type", "user" }, { "name", "Jon Smith" }, { "metadata", new Dictionary<string, object> { { "owner", "user_01GBTCQ2" }, } }, }, } }, { "context", new Dictionary<string, object> { { "location", "123.123.123.123" }, { "user_agent", "Chrome/104.0.0.0" }, } }, { "metadata", new Dictionary<string, object> { { "owner", "user_01GBTCQ2" }, } }, { "version", 1 }, }, });
use workos::Client; use workos::audit_logs::CreateEventParams; #[tokio::main] async fn main() -> Result<(), workos::Error> { let client = Client::builder() .api_key("sk_example_123456789") .client_id("client_123456789") .build(); let _result = client .audit_logs() .create_event( CreateEventParams { organization_id: "org_01EHWNCE74X7JSDV0X3SZ3KJNY".into(), event: serde_json::json!({ "action": "user.signed_in", "occurred_at": "2026-02-02T16:35:39.317Z", "actor": serde_json::json!({ "id": "user_TF4C5938", "type": "user", "name": "Jon Smith", "metadata": serde_json::json!({ "owner": "user_01GBTCQ2" }), }), "targets": vec![ serde_json::json!({ "id": "user_TF4C5938", "type": "user", "name": "Jon Smith", "metadata": serde_json::json!({ "owner": "user_01GBTCQ2" }), }), ], "context": serde_json::json!({ "location": "123.123.123.123", "user_agent": "Chrome/104.0.0.0", }), "metadata": serde_json::json!({ "owner": "user_01GBTCQ2" }), "version": 1, }), ..Default::default() } ) .await?; Ok(()) }
POST/audit_logsParameters Returns