Get audit logs for the current user’s organization.
Query Parameters
Return logs before this cursor/timestamp
Return logs after this cursor/timestamp
Maximum number of audit log entries to return
Response
Response Structure
The API returns audit log data with the following schema:
{
"audit_logs": [
{
"action": "string", // The action that was performed
"user_id": "string|null", // User identifier
"user_email": "string|null", // User email address
"created_at": "number", // Creation timestamp (Unix timestamp in milliseconds)
// Additional fields specific to the action type
}
]
}
Action Types and Data Schemas
The following actions are tracked in audit logs. Each action type returns the specific fields for that action:
Member Management
add_enterprise_member
Logs when users are added to an enterprise.
{
"action": "add_enterprise_member",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"target_user_id": "string",
"roles": ["string"]
}
add_member
Logs when users are added to an organization.
{
"action": "add_member",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"target_user_id": "string",
"roles": ["string"]
}
delete_member
Logs when users are removed from an organization or enterprise.
{
"action": "delete_member",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"target_user_id": "string",
"enterprise_id": "string"
}
assign_roles
Logs when user roles are updated.
{
"action": "assign_roles",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"target_user_id": "string",
"roles": ["string"]
}
Group Management
add_group_membership
Logs when groups are added to organization membership.
{
"action": "add_group_membership",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"target_group_name": "string",
"roles": ["string"]
}
update_group_membership
Logs when group membership roles are updated.
{
"action": "update_group_membership",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"target_group_name": "string",
"role": "string"
}
delete_group_membership
Logs when groups are removed from organization membership.
{
"action": "delete_group_membership",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"target_group_name": "string"
}
Session Management
create_session
Logs when new Devin sessions are created.
{
"action": "create_session",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"session_id": "string"
}
send_message
Logs when messages are sent to Devin sessions.
{
"action": "send_message",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"session_id": "string",
"privacy_mode": "boolean"
}
sleep_session
Logs when Devin sessions are put to sleep.
{
"action": "sleep_session",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"session_id": "string",
"privacy_mode": "boolean"
}
terminate_session
Logs when Devin sessions are terminated.
{
"action": "terminate_session",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"session_id": "string",
"privacy_mode": "boolean"
}
create_mcp_validation_session
Logs when MCP validation sessions are created.
{
"action": "create_mcp_validation_session",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"session_id": "string"
}
Organization Management
create_org
Logs when new organizations are created.
{
"action": "create_org",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
delete_org
Logs when organizations are deleted.
{
"action": "delete_org",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"org_name": "string"
}
API Key Management
create_org_api_key
Logs when organization API keys are created.
{
"action": "create_org_api_key",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
create_user_api_key
Logs when user-specific API keys are created.
{
"action": "create_user_api_key",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
view_org_api_key
Logs when organization API keys are viewed/retrieved.
{
"action": "view_org_api_key",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
view_user_api_key
Logs when user API keys are viewed/retrieved.
{
"action": "view_user_api_key",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
create_service_api_key
Logs when service API keys are created for enterprises.
{
"action": "create_service_api_key",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
revoke_enterprise_api_key
Logs when enterprise API keys are revoked.
{
"action": "revoke_enterprise_api_key",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
revoke_all_enterprise_api_keys
Logs when all enterprise API keys are revoked.
{
"action": "revoke_all_enterprise_api_keys",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
Secret Management
create_secret
Logs when secrets are created.
{
"action": "create_secret",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"secret_id": "string",
"secret_key": "string"
}
update_secret
Logs when secrets are updated.
{
"action": "update_secret",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"secret_id": "string",
"secret_key": "string"
}
delete_secret
Logs when secrets are deleted.
{
"action": "delete_secret",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"secret_id": "string",
"secret_key": "string"
}
Knowledge Management
create_knowledge
Logs when knowledge items (notes) are created.
{
"action": "create_knowledge",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"knowledge_id": "string"
}
edit_knowledge
Logs when knowledge items are edited.
{
"action": "edit_knowledge",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"knowledge_id": "string"
}
delete_knowledge
Logs when knowledge items are deleted.
{
"action": "delete_knowledge",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"knowledge_id": "string"
}
create_folder
Logs when knowledge folders are created.
{
"action": "create_folder",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"folder_id": "string"
}
update_folder
Logs when knowledge folders are updated.
{
"action": "update_folder",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"folder_id": "string"
}
delete_folder
Logs when knowledge folders are deleted.
{
"action": "delete_folder",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"folder_id": "string"
}
Repository Management
start_repo_setup
Logs when repository setup is initiated.
{
"action": "start_repo_setup",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"repo_name": "string"
}
finish_repo_setup
Logs when repository setup is completed.
{
"action": "finish_repo_setup",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"repo_name": "string"
}
delete_repo_setup
Logs when repository setup is deleted.
{
"action": "delete_repo_setup",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"repo_name": "string"
}
remove_repo_from_devin
Logs when repositories are removed from Devin.
{
"action": "remove_repo_from_devin",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"repo_name": "string"
}
Playbook Management
create_playbook
Logs when playbooks are created.
{
"action": "create_playbook",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"playbook_id": "string"
}
update_playbook
Logs when playbooks are updated.
{
"action": "update_playbook",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"playbook_id": "string"
}
delete_playbook
Logs when playbooks are deleted.
{
"action": "delete_playbook",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"playbook_id": "string"
}
Integration Management
create_github_integration
Logs when GitHub integrations are created.
{
"action": "create_github_integration",
"org_id": "string",
"user_id": "string",
"user_email": "string",
"created_at": "number",
"github_org_name": "string"
}
delete_github_integration
Logs when GitHub integrations are deleted.
{
"action": "delete_github_integration",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
github_integration_deleted
Logs when GitHub integrations are automatically deleted.
{
"action": "github_integration_deleted",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"github_org_name": "string",
"installation_id": "number"
}
create_gitlab_integration
Logs when GitLab integrations are created.
{
"action": "create_gitlab_integration",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"gitlab_user_name": "string",
"gitlab_host": "string"
}
delete_gitlab_integration
Logs when GitLab integrations are deleted.
{
"action": "delete_gitlab_integration",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"gitlab_user_name": "string",
"gitlab_host": "string"
}
create_azure_devops_integration
Logs when Azure DevOps integrations are created.
{
"action": "create_azure_devops_integration",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"azure_devops_user_name": "string",
"azure_devops_host": "string"
}
delete_azure_devops_integration
Logs when Azure DevOps integrations are deleted.
{
"action": "delete_azure_devops_integration",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"azure_devops_user_name": "string",
"azure_devops_host": "string"
}
Enterprise Management
update_enterprise_settings
Logs when enterprise settings are updated.
{
"action": "update_enterprise_settings",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
update_enterprise_hypervisor_settings
Logs when enterprise hypervisor settings are updated.
{
"action": "update_enterprise_hypervisor_settings",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"settings": {
"debugging_enabled": "boolean|null",
"automatic_updates": "boolean|null"
}
}
Search and Query
search_query
Logs when search queries are performed.
{
"action": "search_query",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number"
}
Security
ai_guardrail_violation
Logs when AI guardrail violations are detected.
{
"action": "ai_guardrail_violation",
"org_id": "string",
"user_id": "string|null",
"user_email": "string|null",
"created_at": "number",
"session_id": "string",
"offending_event_id": "string",
"confidence_score": "number",
"rule_name": "string"
}
rule_name values:
| Rule Name | Description |
|---|
"profanity" | Detects messages containing profanity or inappropriate language |
"secrets" | Detects attempts to query for secrets, sensitive data, or system prompts |
"pii" | Detects attempts to access PII (Personally Identifiable Information) or other sensitive user information |
"ddos" | Detects requests to DDOS downstream systems |
"evasion" | Detects attempts to circumvent or ignore the guardrail rules themselves |
curl -X GET "https://api.devin.ai/v2/audit-logs" \
-H "Authorization: Bearer YOUR_API_KEY" \
-G \
-d "limit=50"
{
"audit_logs": [
{
"action": "create_session",
"user_id": "user_456",
"user_email": "user@example.com",
"created_at": 1704067200000,
"session_id": "session_789"
},
{
"action": "add_member",
"user_id": "user_456",
"user_email": "user@example.com",
"created_at": 1704153600000,
"target_user_id": "user_789",
"roles": ["org_member"]
}
]
}
