Working with Audit Logs

Overview

Frame.io supports and maintains Audit Logs for the vast majority of activities taken in its applications. This includes both basic CRUD on core resources, and some special abstractions (e.g. AssetVersioned).

Audit Logs truncate after 30 days

Frame.io Audit Logs are available via API for a rolling window of 30 days, after which they are moved into cold storage. Therefore, if you want to maintain a long history of Frame.io events, please ensure you’re storing historical log data independently.

Scope and permissions

Only Account Admins may access the Audit Logs for an Account, and all calls to the Audit Logs endpoint must be scoped to an account_id as follows:

GET https://api.frame.io/v2/accounts/:id/audit_logs

Responses

Audit Log responses all have a similar format:

1 {
2     "_type": "audit",
3     "account_id": "<account-id>",
4     "action": "<ActionTaken>",
5     "actor": {
6         "_type": "user",
7         "id": "<user-id>",
8     },
9     "actor_id": "<user-id>",
10     "id": "<audit-id>",
11     "inserted_at": "<ISO-8601-datetime>",
12     "item_id": "<resource-id>",
13     "item_type": "<ResourceType>",
14     "resource": {...},
15     "team_id": "<team-id>",
16     "updated_at": "<ISO-8601-datetime>"
17 }

Don't forget to paginate!

Audit Log response data can be fairly verbose, so make sure you’re familiar with pagination!

Filters

Audit Logs support a variety of filters, including date ranges. Unlike Frame.io’s Search endpoints, filters can be sent only as GET query string params.

Filters all follow the same formatting:

GET + query string

1 GET
2 https://api.frame.io/accounts/:id/audit_logs?filter[filter_type1]=value1&filter[filter_type2]=value2

One value per filter type

Currently, Audit Logs support one value per filter type. If you supply two filters of the same type (e.g. filter[action]=ActionOne&filter[action]=ActionTwo), the second filter will take precedence.

Key filter types

The key filter types for culling and navigating Audit Logs are:

Filter type	Description	Example values
`item_type`	Filters for all resources of a single type.	Presentation, Comment, ReviewLink, Asset
`item_id`	Filters for a single, specific resource, e.g. an Asset or Presentation.	<asset-id>, <presentation-id>
`action`	Filters for a single Action, usually associated with an `item_type`	ProjectCreated, AssetVersioned, CommentDeleted
`actor_id`	Filters for the ID of a specific User (actor).	<user-id>
`team_id`	Filters for activities associated with a single Team. This filter is useful only on teams that have multiple Teams.	<team-id>
`inserted_at`	Filters for Audit events occurring before or after a specific datetime. Must be ISO-8601 format, UTC.	2022-08-25T00:00:00Z

Item Types and Actions

Resource	Actions
Account	`AccountCreated`, `AccountUpdate`, `AccountLocked`
Asset	`AssetCopied`, `AssetCreated`, `AssetDeleted`, `AssetUpdated`, `AssetVersioned`, `AssetUnversioned`, `AssetLabelUpdated`, `AssetMoved`, `AssetPreserved`, `AssetPrivatized`, `AssetPublicized`, `AssetRestored`
Collaborator	`CollaboratorCreated`, `CollaboratorDeleted`
Comment	`CommentCreated`, `CommentCompleted`, `CommentDeleted`, `CommentLiked`, `CommentUncompleted`, `CommentUnliked`, `CommentUpdated`, `ReplyCreated`
Presentation	`PresentationCreated`, `PresentationDeleted`, `PresentationUpdated`
Project	`ProjectCreated`, `ProjectDeleted`, `ProjectMoved`, `ProjectRestored`, `ProjectUpdated`
ReviewLink	`ReviewLinkCreated`, `ReviewLinkDeleted`, `ReviewLinkUpdated`
Team	`TeamCreated`, `TeamUpdated`, `TeamDeleted`
TeamMember	`TeamMemberCreated`, `TeamMemberAccepted`, `TeamMemberDeclined`, `TeamMemberRemoved`, `TeamMemberUpdated`

Filter examples

Filters all follow a similar format, as outlined above. Below are a handful of examples target at specific use cases that can help you get started.

Scenario	Query string
Actions taken by a single User.	`?filter[actor_id]=<user-id>`
All activity on a specific Presentation.	`?filter[item_id]=<presentation-id>`
Comments left by a User.	`?filter[action]=CommentCreated&filter[actor_id]=<user-id>`
All Review Link activity on a Team.	`?filter[item_type]=ReviewLink&filter[team_id]=<team-id>`

Date ranges

Date ranges are a slightly special case, in that it’s necessary to specify both the inserted_at datetime value, and the operation to apply to that datetime.

Accordingly, date range queries will always have two filter elements, each of which will itself be nested beside an [inserted_at] parameter.

Supported operations include:

gt: greater than
gte: greater than or equal to
lt: less than
lte: less than or equal to

Date range examples

Scenario	Query string
All Audit Log records from a date.	`?filter[inserted_at][op]=gt&filter[inserted_at][value]=2019-03-25T00:00:00Z`
All Assets uploaded by a specific User up to a date.	`?filter[inserted_at][op]=lt&filter[inserted_at][value]=2019-03-25T00:00:00Z&filter[actor_id]=<user-id>&filter[action]=AssetCreated`

1	{
2	"_type": "audit",
3	"account_id": "<account-id>",
4	"action": "<ActionTaken>",
5	"actor": {
6	"_type": "user",
7	"id": "<user-id>",
8	},
9	"actor_id": "<user-id>",
10	"id": "<audit-id>",
11	"inserted_at": "<ISO-8601-datetime>",
12	"item_id": "<resource-id>",
13	"item_type": "<ResourceType>",
14	"resource": {...},
15	"team_id": "<team-id>",
16	"updated_at": "<ISO-8601-datetime>"
17	}

1	GET
2	https://api.frame.io/accounts/:id/audit_logs?filter[filter_type1]=value1&filter[filter_type2]=value2