> ## Documentation Index > Fetch the complete documentation index at: https://developers.harvey.ai/llms.txt > Use this file to discover all available pages before exploring further. # Query Audit Logs > Paginates forward in time from a given audit log ID. It takes a log ID parameter to begin fetching from and a take parameter for the number of log entries to fetch. For a complete list of all audit log types and their descriptions, see the [Audit Logs Guide](/guides/audit_logs#audit-log-types). ### Permissions Requires `Territory admin` or `Organization admin` permission. ## OpenAPI ````yaml /audit_logs_api.json get /api/v1/logs/audit openapi: 3.0.1 info: title: Harvey Audit Log API description: > The Harvey Audit Log API allows customers to query audit logs for their workspace. These APIs cover ways to query audit logs at a given time or from an ID and how to paginate through audit logs over time. The current API request rate limit for audit log querying is 1 per second. For a complete list of all audit log types, use cases, and implementation examples, see the [Audit Logs Guide](/guides/audit_logs). version: 1.0.0 contact: email: support@harvey.ai servers: - url: https://api.harvey.ai description: Harvey API server security: [] paths: /api/v1/logs/audit: get: tags: - Query summary: Query Audit Logs description: > Paginates forward in time from a given audit log ID. It takes a log ID parameter to begin fetching from and a take parameter for the number of log entries to fetch. For a complete list of all audit log types and their descriptions, see the [Audit Logs Guide](/guides/audit_logs#audit-log-types). operationId: queryAuditLogs parameters: - name: from in: query required: true schema: type: string format: uuid description: Audit log ID to begin fetching from. - name: take in: query required: true schema: type: integer description: Number of audit log entries to fetch, max 1000 - name: log_type in: query required: false schema: type: string description: >- Optional filter to return only logs of a specific type. For Microsoft add-in activity, use add-in-specific log types such as `user:word_add_in_docx_drafting` or `user:outlook_add_in_ask`. See the [Audit Logs Guide](/guides/audit_logs#audit-log-types) for a complete list of log types. example: auth:login responses: '200': description: List of audit log entries content: application/json: schema: type: array items: $ref: '#/components/schemas/AuditLog' examples: multiple_events: summary: Multiple Audit Log Events value: - data: begin_date: '2024-03-26T21:56:56.107874+00:00' end_date: '2024-03-26T18:44:20.612870+00:00' num_events: 50 id: 018e99bb-0461-7880-bfbb-51ee869a0a52 ip: 0.0.0.0 timestamp: '2024-04-01T21:55:54.217050' type: admin:fetch_workspace_history user: user@example.com user_agent: >- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 - data: event_id: 100588387 id: 018e99bb-0471-7c73-b214-0568d92f560a ip: 0.0.0.0 timestamp: '2024-04-01T21:55:54.113000' type: admin:client_view_workspace_history_item user: user@example.com user_agent: >- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 '400': description: Bad request. '401': description: Unauthorized. '429': description: Rate limit exceeded. '500': description: Internal server error. security: - bearerAuth: [] components: schemas: AuditLog: type: object properties: data: type: object description: Optional metadata for certain event types. properties: begin_date: type: string format: date-time description: Start timestamp of system-level event window. end_date: type: string format: date-time description: End timestamp of system-level event window. num_events: type: integer description: Number of events captured by the system-level log. event_id: type: integer description: Optional identifier for the underlying user action. additionalProperties: true id: type: string format: uuid description: Unique identifier for the log entry. example: 0194f5c5-2021-75ae-b202-f049fca9dce2 ip: type: string description: IP address of the actor. example: 0.0.0.0 timestamp: type: string format: date-time description: Date when the event occurred in ISO format. example: '2025-02-11T16:08:44.324452' type: type: string description: >- Type of audit log event. Microsoft add-in activity is returned through the same Audit Log API, with event types such as `user:word_add_in_docx_drafting` and `user:outlook_add_in_ask`. We may add more types at any time, so in developing and maintaining your code, you should not assume that only these types exist. For a complete list of all audit log types and their descriptions, see the [Audit Logs Guide](/guides/audit_logs#audit-log-types). example: admin:fetch_workspace_history user: type: string description: Email of the user who triggered the event. example: user@example.com user_agent: type: string description: User agent of the actor who triggered the event. example: >- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 required: - data - id - ip - timestamp - type - user - user_agent securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT ````