**Source URL:** https://general.veevavault.dev/qualityone/vault-api/api-reference/26.1/logs/audit/retrieve-audit-details.md

# Retrieve Audit Details



Retrieve all audit details for a specific audit type. This request supports optional parameters to narrow the results to a specified date and time within the past 30 days.

Once per day per audit type, you can run a full audit export with the same formatting as exports you initiate in the UI. To execute a full audit export, set `all_dates` to `true`, leave `start_date` and `end_date` blank, and set `format_result` to `csv`. When the job is complete, you will receive an email containing links to a zipped file for each year.

<Endpoint path="/api/{version}/audittrail/{audit_trail_type}" method="GET"></Endpoint>

## Headers {#headers}

<FieldTable>
| Name | Description |
| --- | --- |
| `Accept` | `application/json` (default) |
</FieldTable>

## URI Path Parameters {#uri-path-parameters}

<FieldTable>
| Name | Description |
| --- | --- |
| `{audit_trail_type}` | The name of the specified audit type (`document_audit_trail`, `object_audit_trail`, etc.). Use the [Retrieve Audit Types API](/vault-api/api-reference/26.1/logs/audit/retrieve-audit-types) to retrieve types available in your Vault. Vault accepts only one `login_audit_trail` request per user at a time. |
</FieldTable>

## Query Parameters {#query-parameters}

You can modify the request by using one or more of the following parameters:

<FieldTable>
| Name | Description |
| --- | --- |
| `start_date` | Specify a start date to retrieve audit information. This date cannot be more than 30 days ago. Dates must be in `YYYY-MM-DDTHH:MM:SSZ` format. For example, 7AM on January 15, 2016 would use `2016-01-15T07:00:00Z`. If omitted, defaults to the start of the previous day. |
| `end_date` | Specify an end date to retrieve audit information. This date cannot be more than 30 days ago. Dates must be in `YYYY-MM-DDTHH:MM:SSZ` format. For example, 7AM on January 15, 2016 would use `2016-01-15T07:00:00Z`. If omitted, defaults to the current date and time. |
| `all_dates` | Set to `true` to request audit information for all dates. You must leave `start_date` and `end_date` blank when requesting an export of a full audit trail. You can only run a full audit export (`all_dates = true`) on each audit type once every 24 hours. |
| `format_result` | To request a downloadable CSV file of your audit details, use `csv`. The response contains a `jobId` to retrieve the job status, which contains a link to download the CSV file. If omitted, the API returns a JSON response and does not start a job. If `all_dates` is `true`, this parameter is required. |
| `objects` | This is an optional parameter when specifying `object_audit_trail` as the `{audit_trail_type}`. Provide a comma-separated list of one or more object names to retrieve their audit details. For example, `objects=product__v,country__v`. If omitted, defaults to all objects. |
| `events` | This is an optional parameter when specifying `object_audit_trail` or `document_audit_trail` as the `{audit_trail_type}`. Provide a comma-separated list of one or more audit events to retrieve their audit details. For example, `events=Edit,Delete,TaskAssignment`. If omitted, defaults to all audit events. See Vault Help for full lists of [object audit events](https://platform.veevavault.help/en/gr/74202) and [document audit events](https://platform.veevavault.help/en/gr/30435). |
</FieldTable>

Dates and times are in UTC. If the time is not specified, it defaults to midnight (T00:00:00Z) on the specified date.
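The parameter rules above can be checked before a request is sent, which matters most for the full export that is allowed only once every 24 hours per audit type. The following is an added example, not part of the original reference or of Veeva's own code; `build_audit_request` and its arguments are hypothetical names, and rejecting any `format_result` other than `csv` reflects only what this page documents.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

DATE_FMT = "%Y-%m-%dT%H:%M:%SZ"  # YYYY-MM-DDTHH:MM:SSZ, UTC
EVENT_TYPES = ("object_audit_trail", "document_audit_trail")

def build_audit_request(version, audit_type, start=None, end=None,
                        all_dates=False, format_result=None,
                        objects=None, events=None, now=None):
    """Return path plus query string for Retrieve Audit Details, raising
    ValueError when the arguments break a rule from the parameter table.
    (Hypothetical helper; `now` is injectable so the checks are testable.)"""
    now = now or datetime.now(timezone.utc)
    params = {}
    if all_dates:
        # A full export is limited to once per 24 hours per audit type,
        # so validate the combination before sending anything.
        if start or end:
            raise ValueError("all_dates requires blank start_date/end_date")
        if format_result != "csv":
            raise ValueError("all_dates requires format_result=csv")
        params["all_dates"] = "true"
    for name, value in (("start_date", start), ("end_date", end)):
        if value is None:
            continue
        if value.tzinfo is None:
            raise ValueError(f"{name} must be timezone-aware (API uses UTC)")
        if value < now - timedelta(days=30):
            raise ValueError(f"{name} is more than 30 days ago")
        params[name] = value.astimezone(timezone.utc).strftime(DATE_FMT)
    if format_result is not None:
        if format_result != "csv":  # the only value this page documents
            raise ValueError("format_result must be 'csv' or omitted")
        params["format_result"] = "csv"
    if objects:
        if audit_type != "object_audit_trail":
            raise ValueError("objects applies only to object_audit_trail")
        params["objects"] = ",".join(objects)
    if events:
        if audit_type not in EVENT_TYPES:
            raise ValueError("events applies only to object/document trails")
        params["events"] = ",".join(events)
    path = f"/api/{version}/audittrail/{audit_type}"
    # Keep ':' and ',' literal so dates and lists read as in the docs.
    return path + ("?" + urlencode(params, safe=":,") if params else "")
```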

## Request {#request}

<CodeExample title="">
```
curl -X GET -H "Authorization: {SESSION_ID}" \
https://myvault.veevavault.com/api/v17.3/audittrail/login_audit_trail
```
</CodeExample>

## Response {#response}

<CodeExample title="">
```
{
    "responseDetails": {
        "offset": 0,
        "limit": 200,
        "size": 7,
        "total": 7,
        "object": {
            "name": "login_audit_trail",
            "label": "Login Audit Trail",
            "url": "/api/v17.3/metadata/audittrail/login_audit_trail"
        }
    },
    "data": [
        {
            "id": "152515375538",
            "timestamp": "2017-09-15T16:07:25Z",
            "user_name": "lgills@veepharm.com",
            "full_name": "Lateef Gills",
            "source_ip": "209.136.227.195",
            "type": "User Login",
            "status": "Success",
            "browser": "Unknown",
            "platform": "Unknown"
        },
        {
            "id": "152515371157",
            "timestamp": "2017-09-14T14:19:05Z",
            "user_name": "c.brandon@veepharm.com",
            "full_name": "Cody Brandon",
            "source_ip": "162.218.77.23",
            "type": "Enterprise Home Authentication",
            "status": "Success",
            "browser": "Chrome 60.0.3112.113",
            "platform": "Intel Mac OS X 10.12.6"
        }
    ],
    "responseStatus": "SUCCESS"
}
```
</CodeExample>

## Response Details {#response-details}

On `SUCCESS`, the response lists all rows and fields for the specified audit trail type. For example:

<FieldTable>
| Name | Description |
| --- | --- |
| `id` | The unique audit trail ID. |
| `timestamp` | Date and time that the action was performed. |
| `user_name` | Login name for the user who performed the action. This may show "System" to indicate the action was completed by Vault. |
| `full_name` | The full name of the user who performed the action. |
| `on_behalf_of` | If the action completed by `user_name` was representing a different user (such as through [delegated access](https://platform.veevavault.help/en/gr/15015)), this field is the delegating user’s user name. For example, in the case of “`tibanez@veepharm.com` on behalf of `mmurray@veepharm.com`,” the `user_name` is `tibanez@veepharm.com` who completed the action `on_behalf_of` `mmurray@veepharm.com`. |
</FieldTable>

The response returns additional fields based on the specified audit type. For example, if the audit type is `object_audit_trail`, Vault returns the `action` field denoting the audit event.

When the number of query results is greater than the page size, the response provides `next_page` and `previous_page` URLs for pagination. Learn more about paginating results in the [VQL documentation](/vql/references/query-performance-best-practices#Paginating_Results).
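A collector that forwards audit rows to a log store has to follow `next_page` until it is absent and confirm it received as many rows as `total` reported. The following is an added example, not part of the original reference; `collect_audit_rows`, `delegated_actions` and the caller-supplied `fetch` are hypothetical names, the sample pages are constructed, and reading `next_page` from inside `responseDetails` is an assumption.

```python
FIRST = "/api/v17.3/audittrail/document_audit_trail"
NEXT = FIRST + "?offset=2&limit=2"
# Constructed sample pages keyed by URL. Field names come from this page;
# next_page sitting inside responseDetails is an assumption.
SAMPLE_PAGES = {
    FIRST: {"responseStatus": "SUCCESS",
            "responseDetails": {"total": 3, "next_page": NEXT},
            "data": [{"id": "1001", "user_name": "lgills@veepharm.com"},
                     {"id": "1002", "user_name": "tibanez@veepharm.com",
                      "on_behalf_of": "mmurray@veepharm.com"}]},
    NEXT: {"responseStatus": "SUCCESS",
           "responseDetails": {"total": 3},
           "data": [{"id": "1003", "user_name": "System"}]},
}

def collect_audit_rows(fetch, first_url):
    """Follow next_page links and return every row once. `fetch(url)` is a
    caller-supplied (hypothetical) function returning the parsed JSON body."""
    rows, seen_ids, seen_urls = [], set(), set()
    url, expected = first_url, None
    while url:
        if url in seen_urls:
            raise RuntimeError(f"pagination loop at {url}")
        seen_urls.add(url)
        page = fetch(url)
        if page.get("responseStatus") != "SUCCESS":
            raise RuntimeError(f"request for {url} did not succeed")
        details = page.get("responseDetails", {})
        expected = details.get("total") if expected is None else expected
        for row in page.get("data", []):
            if row["id"] not in seen_ids:  # skip rows repeated across pages
                seen_ids.add(row["id"])
                rows.append(row)
        url = details.get("next_page")
    if expected is not None and len(rows) < expected:
        raise RuntimeError(f"short read: {len(rows)} of {expected} rows")
    return rows

def delegated_actions(rows):
    """(id, acting user, delegating user) for rows carrying on_behalf_of."""
    return [(r["id"], r["user_name"], r["on_behalf_of"])
            for r in rows if r.get("on_behalf_of")]
```

In production, `fetch` would perform the authenticated GET shown in the request example and return the parsed JSON body.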

Requesting a CSV file generates a job to prepare the file for download. On `SUCCESS`, the response includes the `jobId` with a link to the CSV file.

When you export a full audit trail (`all_dates = true` and `format_result = csv`), the response does not include a link to the CSV file. You will instead receive an email when the job is complete. The email contains, for each year, a download link to Excel files of the audit trail (one file per month for the current year, one file per year for each previous year).

<FieldTable>
| Name | Description |
| --- | --- |
| `url` | The URL to retrieve the current status of the CSV job. |
| `jobId` | The job ID value is used to retrieve the status and results of the audit trail CSV request. |
</FieldTable>
