# API audit events > You can query audit events to retrieve a detailed record of user and system actions within the platform. ## Querying audit events You can query audit events to retrieve a detailed record of user and system actions within the platform. :::note You must have assigned the **IXP Audit Log Viewer** role. ::: ![](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-docs-image-321839-e2523966.webp)/api/v1/audit_events/query **Bash** ``` curl -X POST 'https:///api/v1/audit_events/query' \ -H "Authorization: Bearer $IXP_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "filter": { "timestamp": { "maximum": "2021-07-10T00:00:00Z", "minimum": "2021-06-10T00:00:00Z" } } }' ``` **Node** ``` const request = require("request"); request.post( { url: "https:///api/v1/audit_events/query", headers: { Authorization: "Bearer " + process.env.IXP_TOKEN, }, json: true, body: { filter: { timestamp: { maximum: "2021-07-10T00:00:00Z", minimum: "2021-06-10T00:00:00Z", }, }, }, }, function (error, response, json) { // digest response console.log(JSON.stringify(json, null, 2)); } ); ``` **Python** ``` response = requests.post( "https:///api/v1/audit_events/query", headers={"Authorization": "Bearer " + os.environ["IXP_TOKEN"]}, json={ "filter": { "timestamp": { "minimum": "2021-06-10T00:00:00Z", "maximum": "2021-07-10T00:00:00Z", } } }, ) print(json.dumps(response.json(), indent=2, sort_keys=True)) ``` **Response** ``` { "audit_events": [ { "actor_user_id": "e2148a6625225593", "dataset_ids": ["1fe230edc85ffc1a"], "event_id": "2555880060c23eb5", "event_type": "get_datasets", "project_ids": ["ce3c61dcf210f425", "274400867ab17af9"], "tenant_ids": ["c59b6e209da438a8"], "timestamp": "2021-06-10T16:32:53Z" } ], "continuation": "2555880060c23eb5", "datasets": [ { "id": "1fe230edc85ffc1a", "name": "collateral-sharing", "project_id": "ce3c61dcf210f425", "title": "Collateral Sharing" }, { "id": "274400867ab17af9", "name": "Customer-Feedback", "project_id": "ce3c61dcf210f425", "title": "Customer Feedback" } ], "projects": [ { "id": "ce3c61dcf210f425", "name": "bank-collateral", "tenant_id": "c59b6e209da438a8" } ], "status": "ok", "tenants": [ { "id": "c59b6e209da438a8", "name": "acme" } ], "users": [ { "display_name": "Alice", "email": "alice@acme.example", "id": "e2148a6625225593", "tenant_id": "c59b6e209da438a8", "username": "alice" } ] } ``` An audit event is a record of an action a user takes in the IXP platform. Example auditable events include: * A user logging in. * A user changing their password. * A user changing the permissions of another user. | Name | Type | Required | Description | | --- | --- | --- | --- | | `continuation` | string | no | If a previous query returned a `continuation` in the response, another page of events is available. Set the returned continuation value here to fetch the next page. | | `limit` | number | no | The number of audit events to return per page. Defaults to 128. | | `filter` | filter | no | A filter that specifies which audit events to return. | `filter` has the following format: | Name | Type | Required | Description | | --- | --- | --- | --- | | `timestamp` | TimestampFilter | no | A filter that specifies what time range to return events in. | `TimestampFilter` has the following format: | Name | Type | Required | Description | | --- | --- | --- | --- | | `minimum` | string | no | An ISO-8601 timestamp. If provided, it only returns an audit event after or including this timestamp. | | `maximum` | string | no | An ISO-8601 timestamp. If provided, it only returns an audit event before this timestamp. | ## Audit event types This section contains all audit event types that apply to Unstructured and Complex Documents. **Project management** | Event type | Description | | --- | --- | | `ucd_project_created` | An Unstructured and Complex Documents project is created. | | `ucd_project_deleted` | An Unstructured and Complex Documents project is deleted. | **Model management** | Event type | Description | | --- | --- | | `model_version_published` | A model is published. | | `model_version_unpublished` | A model tag is updated. | | `model_tag_deleted` | A published model is deleted. | **Dataset management** | Event type | Description | | --- | --- | | `get_datasets` | Datasets are retrieved. | | `get_datasets_by_owner` | Datasets are retrieved by owner. | | `get_dataset` | A specific dataset is retrieved. | | `export_dataset` | A dataset is exported. | **User management** | Event type | Description | | --- | --- | | `create_user` | A new user is created. | | `delete_user` | A user is deleted. | | `get_users` | User information is retrieved. | | `update_user` | User information is modified. | **Authentication and security** | Event type | Description | | --- | --- | | `login_success` | Successful user login. | | `authentication_failed_password` | Failed login due to wrong password. | | `authentication_failed_totp` | Failed login due to wrong TOTP code. | | `login_failed_ip_address` | Failed login due to IP address restrictions. | | `revoke_api_tokens` | API tokens are revoked. | | `revoke_login_tokens` | Login tokens are revoked. | | `revoke_current_login_token` | The current session token is revoked. | | `replace_api_token` | API token is replaced. | | `authentication_failed_totp_lockout` | Failed login due to TOTP lockout. | **Password reset** | Event type | Description | | --- | --- | | `send_password_reset_success` | Successful password reset email sent. | | `send_password_reset_failed_ip_address` | IP blocked password reset. | | `verify_password_reset_success` | Successful password reset verification. | | `verify_password_reset_failed_ip_address` | IP blocked password reset verification. | | `change_password_success` | Successful password change. | | `change_password_failed_totp` | Password change failed due to TOTP. | | `change_password_failed_ip_address` | IP blocked password change. | | `verify_password_reset_failed_signature` | Invalid password reset signature. | | `verify_password_reset_failed_timestamp` | Expired password reset link. | | `change_password_failed_current_password` | Wrong current password provided. | **Comment query** | Event type | Description | | --- | --- | | `comment_query_text` | Text-based comment queries. | | `comment_query_sample` | Sample comment queries. | | `comment_query_learning` | Learning-related comment queries. | | `comment_query_any_label_asc` | Label-based queries in ascending order. | | `comment_query_recent` | Recent comments queries. | | `comment_query_by_label` | Queries filtered by specific labels. | | `comment_query_diagnostic` | Diagnostic comment queries. | | `comment_query_label_property` | Label property queries. | | `comment_query_attachment_text` | Attachment text queries. | **Annotations** | Event type | Description | | --- | --- | | `get_annotations` | Annotations are retrieved. | | `update_annotation` | An annotation is modified. | **Quota management** | Event type | Description | | --- | --- | | `quota_set` | A quota is set. | | `quota_reset` | A quota is reset. | | `quotas_get` | Quotas are retrieved. | **System and administration** | Event type | Description | | --- | --- | | `audit_event_query` | Audit events are queried directly. |