Skip to product menu
Zoho mail
Skip to main content
Zoho mail

Get Audit Records

Purpose

This API retrieves audit records for admin activities within the organization.

OAuth Scope

Use the scope

ZohoMail.organization.audit.ALL (or) ZohoMail.organization.audit.READ

to generate the Authtoken.

ALL - Full access to audit.

READ - Read access to audit.

Request URL

Method: GET

https://mail.zoho.com/api/organization/{zoid}/activity

Path Parameters

  • zoid* long
    • This parameter denotes the unique Zoho Organization Identifier for the organization.
    • This parameter can be retrieved from the Get Organization Details API.

 

Query Parameters

  • searchKey string
    • This parameter specifies the criteria for filtering the audit records. 
    • This parameter contains Category, Sub Category, OperationType, performedBy, and performedFor. These criteria are separated by ::, and values are indicated by :.  
      Example searchKey value : category:1003::subCategory:4007::performedFor:user@zylker.com
    • For more details on how to construct SearchKey, refer here.
  • startTime long
    • Specifies the timestamp indicating the start time of the period for which audit records are requested.
    • The value of this parameter should be provided in milliseconds since the Unix epoch (January 1, 1970, 00:00:00 UTC).
  • endTime long
    • Specifies the timestamp indicating the end time of the period for which audit records are requested.
    • The value of this parameter should be provided in milliseconds since the Unix epoch (January 1, 1970, 00:00:00 UTC).
  • limit int
    • Specifies the maximum number of audit records to be returned in the API response.
    • Allowed value: 1-200.
    • The default value is 10.
  • lastEntityId string
    • This parameter represents the identifier of the last audit record retrieved in the previous request. This allows subsequent requests to fetch audit records starting from where the previous request ended.
  • lastIndexTime string
    • This parameter represents the timestamp of the last audit record retrieved in the previous request. This allows subsequent requests to fetch audit records starting from where the previous request ended.

 

* - Mandatory parameter

 

Response Codes

Refer here for the response codes and their meaning.

Sample Request

Copiedcurl "https://mail.zoho.com/api/organization/57047751/activity?searchKey=category:1003::subCategory:4007::performedFor:user@zylker.com&limit=50" \
-X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization:Zoho-oauthtoken ***"

Sample Response

Copied{
  "status": {
    "code": 200,
    "description": "success"
  },
  "data": {
    "lastIndexTime": "1710316191981002",
    "audit": [
      {
        "subCategory": "MAILBOX_USER",
        "data": "{\"peopleInfo\":{},\"emailId\":\"user@zylker.com\"}",
        "type": "ADMIN",
        "requestTime": 1710316191981,
        "performedBy": "admin@zylker.com"
        "auditLogType": "ORGADMIN_AUDIT",
        "clientIp": "172.18.249.197",
        "mainCategory": "Users",
        "operationType": "ADD",
        "performedOn": "user@zylker.com",
        "category": "MAILBOX",
        "operation": "ORG_INFO_ADD",
        "status": "success"
      }
    ],
    "lastEntityId": "1710316191981002_sas@172.18.232.99"
  }
}

© 2025, Zoho Corporation Pvt. Ltd. All Rights Reserved.