The audit REST API exposes the privacyIDEA audit log: a paginated search endpoint and a CSV download endpoint. See Audit for the conceptual chapter and the available audit modules (SQL, logger, container).

All endpoints require admin authentication. Search is gated by the admin policy action auditlog; the CSV download by auditlog_download. Both endpoints honor the auditlog_age policy that limits how far back an admin may look. The hide_audit_columns policy is applied only to the search endpoint, not to the CSV download.

16.1.1.1. Audit endpoint

GET /audit/

Return a paginated page of audit entries. All filter parameters are accepted as query parameters; column names from the audit schema can be used directly as filter keys (realm, user, serial, action, success, …). Filter values support the wildcard *.

Requires admin authentication and the policy action auditlog. The auditlog_age policy may shrink timelimit to the configured maximum, and hide_audit_columns may strip configured columns from the response.

Example request:

GET /audit/?realm=realm1&page=1&page_size=15 HTTP/1.1
Host: example.com
Accept: application/json

Query Parameters:
  • timelimit – only consider entries newer than this (e.g. 1d, 2h, 30m). Capped by the auditlog_age policy.

  • page – page number, 1-indexed.

  • page_size – entries per page.

  • sortname – column to sort by.

  • sortorder – asc or desc.

Query:

any audit column name as a filter key.

Status Codes:
  • 200 OK – paginated audit dictionary in result.value with count, current, next, prev, auditdata.
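
The following Python example is added here and is not privacyIDEA's own code: it walks the paginated search result described above and tallies entries per realm and user. `fetch_json` is a hypothetical callable that performs the authenticated GET and returns parsed JSON; the sample entries, the `success=0` filter value and the assumption that `next` is empty on the last page are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs, urlencode, urlsplit

def audit_url(page, page_size=15, **filters):
    """Build a search URL; filters are audit column names, timelimit, sortname, sortorder."""
    return "/audit/?" + urlencode({**filters, "page": page, "page_size": page_size})

def iter_audit(fetch_json, page_size=15, max_pages=1000, **filters):
    """Yield every matching audit entry, following pagination page by page."""
    page = 1
    for _ in range(max_pages):  # hard stop so a misbehaving server cannot loop the client
        value = fetch_json(audit_url(page, page_size, **filters))["result"]["value"]
        entries = value.get("auditdata") or []
        yield from entries
        # Assumption: `next` is the next page number and is empty on the last page.
        if not entries or not value.get("next"):
            return
        page = value["next"]

def entries_by_user(fetch_json, **filters):
    """Count matching entries per (realm, user)."""
    # .get() because hide_audit_columns may strip columns from the search response.
    return Counter((e.get("realm"), e.get("user")) for e in iter_audit(fetch_json, **filters))

# Constructed sample entries standing in for a server, so the example runs offline.
_SAMPLE = [{"realm": "realm1", "user": u, "success": 0}
           for u in ["alice", "bob", "alice", "carol", "alice"]]

def fake_fetch(url):
    """Hypothetical stand-in for an authenticated GET that returns parsed JSON."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    page, size = int(q["page"]), int(q["page_size"])
    rows = [r for r in _SAMPLE if r["realm"] == q.get("realm", r["realm"])]
    value = {"count": len(rows), "current": page,
             "prev": page - 1 if page > 1 else None,
             "next": page + 1 if page * size < len(rows) else None,
             "auditdata": rows[(page - 1) * size: page * size]}
    return {"result": {"value": value}}

if __name__ == "__main__":
    print(entries_by_user(fake_fetch, realm="realm1", success=0, timelimit="1d", page_size=2))
```

Because the server caps `timelimit` with the auditlog_age policy, a tally built this way covers at most the window the admin is allowed to see.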

GET /audit/(csvfile)

Stream the audit log as a CSV file. The path component is the desired download filename (e.g. audit.csv); the actual filter is given by the query parameters, which use the same syntax as the search endpoint.

Requires admin authentication and the policy action auditlog_download. The auditlog_age policy caps how far back the export may go. Hidden-column policies do not apply to the download — disallow downloading if you need that restriction.

Example request:

GET /audit/audit.csv?realm=realm1 HTTP/1.1
Host: example.com
Accept: text/csv

Parameters:
  • csvfile – filename to use for the download.

Query Parameters:
  • timelimit – only export entries newer than this. Capped by the auditlog_age policy.

Query:

any audit column name as a filter key (same as for the search endpoint).

Status Codes:
  • 200 OK – text/csv body containing the audit entries.