AMP SDK
Initialization
Configuration
Network Security Configuration
Event Tracking
User Attributes
IDSync
Screen Events
Commerce Events
Location Tracking
Media
Kits
Application State and Session Management
Data Privacy Controls
Error Tracking
Opt Out
Push Notifications
WebView Integration
Logger
Preventing Blocked HTTP Traffic with CNAME
Workspace Switching
Linting Data Plans
Troubleshooting the Android SDK
API Reference
Upgrade to Version 5
Cordova Plugin
Identity
Direct URL Routing FAQ
Web
Android
iOS
Workspace Switching
Initialization
Configuration
Event Tracking
User Attributes
IDSync
Screen Tracking
Commerce Events
Location Tracking
Media
Kits
Application State and Session Management
Data Privacy Controls
Error Tracking
Opt Out
Push Notifications
Webview Integration
Upload Frequency
App Extensions
Preventing Blocked HTTP Traffic with CNAME
Linting Data Plans
Troubleshooting iOS SDK
Social Networks
iOS 14 Guide
iOS 15 FAQ
iOS 16 FAQ
iOS 17 FAQ
iOS 18 FAQ
API Reference
Upgrade to Version 7
Getting Started
Identity
Upload Frequency
Getting Started
Opt Out
Initialize the SDK
Event Tracking
Commerce Tracking
Error Tracking
Screen Tracking
Identity
Location Tracking
Session Management
Getting Started
Identity
Initialization
Configuration
Content Security Policy
Event Tracking
User Attributes
IDSync
Page View Tracking
Commerce Events
Location Tracking
Media
Kits
Application State and Session Management
Data Privacy Controls
Error Tracking
Opt Out
Custom Logger
Persistence
Native Web Views
Self-Hosting
Multiple Instances
Web SDK via Google Tag Manager
Preventing Blocked HTTP Traffic with CNAME
Facebook Instant Articles
Troubleshooting the Web SDK
Browser Compatibility
Linting Data Plans
API Reference
Upgrade to Version 2 of the SDK
Alexa
Data Subject Request API Version 1 and 2
Data Subject Request API Version 3
Key Management
Platform API Overview
Accounts
Apps
Audiences
Calculated Attributes
Data Points
Feeds
Field Transformations
Services
Users
Workspaces
Warehouse Sync API Overview
Warehouse Sync API Tutorial
Warehouse Sync API Reference
Data Mapping
Warehouse Sync SQL Reference
Warehouse Sync Troubleshooting Guide
ComposeID
Warehouse Sync API v2 Migration
Calculated Attributes Seeding API
Bulk Profile Deletion API Reference
Data Planning API
Group Identity API Reference
Custom Access Roles API
Pixel Service
Profile API
Audit Logs API
Events API
mParticle JSON Schema Reference
IDSync
Overview
Step 1. Create an input
Step 2. Verify your input
Step 3. Set up your output
Step 4. Create a connection
Step 5. Verify your connection
Step 6. Track events
Step 7. Track user data
Step 8. Create a data plan
Step 9. Test your local app
Overview
Step 1. Create an input
Step 2. Verify your input
Step 3. Set up your output
Step 4. Create a connection
Step 5. Verify your connection
Step 6. Track events
Step 7. Track user data
Step 8. Create a data plan
Step 1. Create an input
Step 2. Create an output
Step 3. Verify output
Node SDK
Go SDK
Python SDK
Ruby SDK
Java SDK
Introduction
Outbound Integrations
Firehose Java SDK
Inbound Integrations
Compose ID
Glossary
Migrate from Segment to mParticle
Migrate from Segment to Client-side mParticle
Migrate from Segment to Server-side mParticle
Segment-to-mParticle Migration Reference
Data Hosting Locations
Rules Developer Guide
API Credential Management
The Developer's Guided Journey to mParticle
Composable Audiences Overview
User Guide Overview
Warehouse Setup Overview
Audience Setup
Frequently Asked Questions
Overview
Overview
User Profiles
Overview
Create and Manage Group Definitions
Calculated Attributes Overview
Using Calculated Attributes
Create with AI Assistance
Calculated Attributes Reference
Create an Input
Start capturing data
Connect an Event Output
Create an Audience
Connect an Audience Output
Transform and Enhance Your Data
Usage and Billing Report
The new mParticle Experience
The Overview Map
Observability Overview
Observability User Guide
Observability Troubleshooting Examples
Observability Span Glossary
Audit Logs
Key Management
Platform Configuration
Event Match Quality Dashboard (Early Access)
Event Forwarding
Notifications
System Alerts
Trends
Introduction
Data Retention
Data Catalog
Connections
Activity
Data Plans
Live Stream
Filters
Rules
Blocked Data Backfill Guide
Tiered Events
mParticle Users and Roles
Analytics Free Trial
Troubleshooting mParticle
Usage metering for value-based pricing (VBP)
IDSync Overview
Use Cases for IDSync
Components of IDSync
Store and Organize User Data
Identify Users
Default IDSync Configuration
Profile Conversion Strategy
Profile Link Strategy
Profile Isolation Strategy
Best Match Strategy
Aliasing
Audiences Overview
Create an Audience
Connect an Audience
Manage Audiences
Audience Sharing
Match Boost
FAQ
Standard Audiences (Legacy)
Predictive Audiences Overview
Using Predictive Audiences
New vs. Classic Experience Comparison
Introduction
Core Analytics (Beta)
Sync and Activate Analytics User Segments in mParticle
User Segment Activation
Welcome Page Announcements
Project Settings
Roles and Teammates
Organization Settings
Global Project Filters
Portfolio Analytics
Analytics Data Manager Overview
Events
Event Properties
User Properties
Revenue Mapping
Export Data
UTM Guide
Analyses Introduction
Getting Started
Visualization Options
For Clauses
Date Range and Time Settings
Calculator
Numerical Settings
Assisted Analysis
Properties Explorer
Frequency in Segmentation
Trends in Segmentation
Did [not] Perform Clauses
Cumulative vs. Non-Cumulative Analysis in Segmentation
Total Count of vs. Users Who Performed
Save Your Segmentation Analysis
Export Results in Segmentation
Explore Users from Segmentation
Getting Started with Funnels
Group By Settings
Conversion Window
Tracking Properties
Date Range and Time Settings
Visualization Options
Interpreting a Funnel Analysis
Group By
Filters
Conversion over Time
Conversion Order
Trends
Funnel Direction
Multi-path Funnels
Analyze as Cohort from Funnel
Save a Funnel Analysis
Explore Users from a Funnel
Export Results from a Funnel
Saved Analyses
Manage Analyses in Dashboards
Data Dictionary
Query Builder Overview
Modify Filters With And/Or Clauses
Query-time Sampling
Query Notes
Filter Where Clauses
Event vs. User Properties
Group By Clauses
Annotations
Cross-tool Compatibility
Apply All for Filter Where Clauses
Date Range and Time Settings Overview
User Attributes at Event Time
Understanding the Screen View Event
User Aliasing
Dashboards––Getting Started
Manage Dashboards
Dashboard Filters
Organize Dashboards
Scheduled Reports
Favorites
Time and Interval Settings in Dashboards
Query Notes in Dashboards
The Demo Environment
Keyboard Shortcuts
User Segments
Data Privacy Controls
Data Subject Requests
Default Service Limits
Feeds
Cross-Account Audience Sharing
Import Data with CSV Files
CSV File Reference
Glossary
Video Index
Single Sign-On (SSO)
Setup Examples
Introduction
Introduction
Introduction
Rudderstack
Google Tag Manager
Segment
Advanced Data Warehouse Settings
AWS Kinesis (Snowplow)
AWS Redshift (Define Your Own Schema)
AWS S3 Integration (Define Your Own Schema)
AWS S3 (Snowplow Schema)
BigQuery (Snowplow Schema)
BigQuery Firebase Schema
BigQuery (Define Your Own Schema)
GCP BigQuery Export
Snowflake (Snowplow Schema)
Snowplow Schema Overview
Snowflake (Define Your Own Schema)
Aliasing
Audience
Event
Audience
Feed
Event
Cookie Sync
Server-to-Server Events
Platform SDK Events
Audience
Audience
Audience
Event
Audience
Feed
Event
Event
Event
Audience
Event
Data Warehouse
Event
Event
Audience
Event
Feed
Event
Event
Event
Event
Event
Event
Audience
Event
Feed
Event
Event
Feed
Audience
Event
Event
Custom Feed
Event
Data Warehouse
Event
Event
Audience
Audience
Audience
Event
Audience
Event
Event
Event
Event
Audience
Event
Event
Audience
Event
Event
Audience
Data Warehouse
Event
Audience
Cookie Sync
Event
Event
Event
Event
Feed
Feed
Event
Kit
Event
Event
Event
Audience
Event
Event
Audience
Event
Event
Feed
Event
Audience
Event
Audience
Event
Event
Audience
Audience
Event
Audience
Microsoft Ads Audience Integration
Audience
Audience
Event
Event
Event
Event
Feed
Event
Event
Event
Event
Event
Feed
Event
Audience
Event
Event
Event
Event
Event
Event
Event
Feed
Event
Event
Event
Custom Pixel
Feed
Event
Event
Audience
Event
Event
Event
Data Warehouse
Event
Event
Audience
Event
Audience
Feed
Loyalty Feed
Audience
Audience
Audience
Event
Cookie Sync
Audience
Event
Audience
Feed
Audience
Event
Event
Audience
Audience
Event
Event
Event
Feed
Event
Cookie Sync
Audience
Audience
Audience
Cookie Sync
The Audit Logs API allows you to programmatically query and export audit log records for your mParticle account. You can use it to monitor and investigate changes to your account and resources, and export records for compliance reporting. The API provides endpoints for querying JSON-formatted logs and downloading CSV exports.
You can authenticate to the Audit Logs API using a bearer token.
To create a bearer token, send a POST request to mParticle’s SSO token endpoint at https://sso.auth.mparticle.com/oauth/token.
The JSON body of the request must contain:
client_id - the client ID, issued by mParticle when creating the API credentialsclient_secret - the client secret, issued by mParticle when creating the API credentialsaudience - set to a value of "https://api.mparticle.com"grant_type - set to a value of "client_credentials"curl --request POST \
--url https://sso.auth.mparticle.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"...","client_secret":"...","audience":"https://api.mparticle.com","grant_type":"client_credentials"}'POST /oauth/token HTTP/1.1
Host: sso.auth.mparticle.com
Content-Type: application/json
{
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"audience": "https://api.mparticle.com",
"grant_type": "client_credentials"
}A successful POST request to the token endpoint results in a JSON response as follows:
{
"access_token": "YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-",
"expires_in" : 28800,
"token_type": "Bearer"
}Subsequent requests to the API can then be authorized by setting the authorization header to:
Authorization: Bearer YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-
Tokens cannot be revoked, but they expire every eight hours. The initial token request can take between one and three seconds, so mParticle recommends that you cache the token and refresh it only when necessary.
POST https://api.mparticle.com/platform/experimental/{accountId}/auditlogs/query
Retrieve a paginated list of audit logs for your account. You can filter results by specifying values for action_types, actor_email, or resources in the request body, along with an optional date range.
The endpoint uses a pagination object that carries both the event ID and timestamp of the last record returned. To retrieve the next page, set the event_id and ts fields in your request body to the values from the previous response. Omit the pagination field to start from the first page.
| Path Parameter | Type | Required | Description |
|---|---|---|---|
{accountId} |
Integer | Yes | The mParticle account ID for which you want to retrieve audit logs. |
| Parameter | Type | Required | Description |
|---|---|---|---|
start |
String (date-time) | Yes | Start date and time for filtering audit logs (UTC, ISO 8601 format). |
end |
String (date-time) | No | End date and time for filtering audit logs (UTC, ISO 8601 format). Defaults to the current time if not provided. |
page_size |
Integer | No | Number of records to return per page (1 to 500). Defaults to 100. |
pagination |
Object | No | Pagination object for retrieving the next page of results. Omit this field to retrieve the first page. When present, both pagination.event_id and pagination.ts must be provided. |
event_id |
String | No | Event ID of the last record returned in the previous page. Use the pagination.event_id value from the previous response. |
ts |
String (date-time) | No | Timestamp in UTC of the last record returned in the previous page (ISO 8601 format). Use the pagination.ts value from the previous response. |
action_types |
Array [String] | No | Filter by one or more action types. Provide an array of values such as ["Create", "Update", "Delete"]. If not provided, all action types are included. |
actor_email |
Array [String] | No | Filter by actor email addresses. Provide an array of user emails to return logs performed by those users. If not provided, logs from all actors are returned. |
resources |
Array [String] | No | Filter by resource type. Provide an array of resource names such as ["Output", "Credential", "Audience"]. If not provided, logs from all resources are included. |
search_term |
String | No | Search term used to find audit logs by resource_id (exact match) or resource_name (partial or similar match). |
curl --request POST \
--url "https://api.mparticle.com/platform/experimental/{accountId}/auditlogs/query" \
--header "Authorization: Bearer YOUR_ACCESS_TOKEN" \
--header "Content-Type: application/json" \
--data '{
"start": "2025-01-01T00:00:00Z",
"end": "2025-01-31T23:59:59Z",
"page_size": 100,
"pagination": {
"event_id": "550e8400-e29b-41d4-a716-446655440000",
"ts": "2025-01-15T12:30:45Z"
},
"action_types": ["Create", "Update", "Delete"],
"actor_email": ["user@example.com", "admin@example.com"],
"resources": ["Output", "Credential", "Audience"],
"search_term": "audience-123"
}'{
"start": "2025-01-01T00:00:00Z",
"end": "2025-01-31T23:59:59Z",
"page_size": 100,
"pagination": {
"event_id": "550e8400-e29b-41d4-a716-446655440000",
"ts": "2025-01-15T12:30:45Z"
},
"action_types": [
"Create",
"Update",
"Delete"
],
"actor_email": [
"user@example.com",
"admin@example.com"
],
"resources": [
"Output",
"Credential",
"Audience"
],
"search_term": "audience-123"
}A successful request receives a 200 response with all paginated audit log records and pagination metadata.
{
"records": [
{
"event_id": "550e8400-e29b-41d4-a716-446655440000",
"timestamp": "2025-01-15T12:30:45Z",
"actor_type": "user",
"actor_identifier": "john.doe@example.com",
"action": "CreateOutput",
"resource": "Output",
"scope": "Workspace",
"result": "Success",
"product_area": "System",
"mapped_action_type": "Read",
"metadata": {
"http_method": "POST",
"headers": {
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0"
},
"url": "https://api.mparticle.com/v1/123/outputs",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
"content_type": "application/json",
"content_length": 1024,
"action_arguments": {
"workspaceId": 456,
"outputId": 789
},
"latency_ms": 245,
"response_content_type": "application/json",
"payload": {
"name": "New Output Configuration",
"enabled": true
},
"entity_changes": [
{
"operation_type": "update",
"table_name": "OutputConfiguration",
"column_name": "IsEnabled",
"old_value": "false",
"new_value": "true",
"primary_key": 12345
}
]
}
}
],
"pagination": {
"event_id": "550e8400-e29b-41d4-a716-446655440000",
"ts": "2025-01-15T12:30:45Z",
"has_more": true,
"record_count": 100
}
}Use the event_id and ts values from the response in your next request’s pagination object to retrieve the next page of results.
GET https://api.mparticle.com/platform/experimental/{accountId}/auditlogs/export
Export all audit logs for a specific account as a CSV file. The endpoint streams data to efficiently handle large exports and supports filtering by date range, action type, and other parameters. Pagination is not used for exports. The API always returns all matching records for the specified filters in a single streamed CSV response. The response includes a downloadable CSV file named auditlogs_{accountId}_{startDate}_{endDate}.csv (for example, auditlogs_123_20250101_20250131.csv).
| Path Parameter | Type | Required | Description |
|---|---|---|---|
{accountId} |
Integer | Yes | The mParticle account ID for which you want to retrieve audit logs. |
| Query Parameter | Type | Required | Description |
|---|---|---|---|
{start} |
String | Yes | Start date and time (UTC, ISO 8601 format) for filtering audit logs. |
{end} |
String | No | End date and time (UTC, ISO 8601 format). Defaults to the current time if not provided. |
{action_types} |
Array [String] | No | Comma-separated list of action types to include in the export. Available values are: Read, Create, Update, and Delete. If not provided, all action types are included. For exports, Read actions are excluded by default unless explicitly included. |
curl --request GET \
--url "https://api.mparticle.com/platform/experimental/{accountId}/auditlogs/export?start=2025-01-01T00:00:00Z&end=2025-01-31T23:59:59Z&action_types=Create,Update,Delete" \
--header "Authorization: Bearer YOUR_ACCESS_TOKEN" \
--output "auditlogs_{accountId}_20250101_20250131.csv"No request body.
A successful request returns a 200 response and a CSV file containing your audit log records.
The file includes the following headers:
"Time (UTC)","User Type","User","Product Area","Resource","Action","Scope","Result","Metadata"
"2025-01-15 12:30:45","user","john.doe@example.com","Connections","Output","CreateOutput","Workspace","Success","{""http_method"":""POST"",""status_code"":200}"
"2025-01-15 12:31:12","user","jane.smith@example.com","Audiences","Audience","UpdateAudience","Account","Success","{""http_method"":""PATCH"",""status_code"":200}"| Response code | Error message | Description |
|---|---|---|
| 400 | Bad request | The request is invalid or malformed. Check that all required parameters are included and correctly formatted. For example, ensure start is a valid ISO 8601 timestamp and that page_size is between 1 and 1000. |
| 401 | Unauthorized | Authentication failed. Verify that your bearer token is valid and that you are including it in the Authorization header as Bearer <token>. |
| 403 | Forbidden | Your token is valid but does not have permission to access the specified account. Ensure the API credentials were created for this account and that the account is enabled for the Audit Logs API. |
| 404 | Account not found | No account could be found for the provided accountId. Confirm that the account exists and that the path parameter is correct. |
| 429 | Too many requests | You have exceeded the allowed request rate. Refer to the Retry-After header to determine how long to wait before retrying your request. |
Was this page helpful?