API Reference

Zero Trust

Access

Logs

Access Requests

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get Access authentication logs

client.ZeroTrust.Access.Logs.AccessRequests.List(ctx, params) (*[]AccessRequest, error)

GET/accounts/{account_id}/access/logs/access_requests

Gets a list of Access authentication audit logs for an account.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Access: Audit Logs Read

ParametersExpand Collapse

params AccessLogAccessRequestListParams

AccountID param.Field[string]

Path param: Identifier.

maxLength32

AllowedOp param.Field[AccessLogAccessRequestListParamsAllowedOp]Optional

Query param: Operator for the allowed filter.

const AccessLogAccessRequestListParamsAllowedOpEq AccessLogAccessRequestListParamsAllowedOp = "eq"

const AccessLogAccessRequestListParamsAllowedOpNeq AccessLogAccessRequestListParamsAllowedOp = "neq"

AppTypeOp param.Field[AccessLogAccessRequestListParamsAppTypeOp]Optional

Query param: Operator for the app_type filter.

const AccessLogAccessRequestListParamsAppTypeOpEq AccessLogAccessRequestListParamsAppTypeOp = "eq"

const AccessLogAccessRequestListParamsAppTypeOpNeq AccessLogAccessRequestListParamsAppTypeOp = "neq"

AppUIDOp param.Field[AccessLogAccessRequestListParamsAppUIDOp]Optional

Query param: Operator for the app_uid filter.

const AccessLogAccessRequestListParamsAppUIDOpEq AccessLogAccessRequestListParamsAppUIDOp = "eq"

const AccessLogAccessRequestListParamsAppUIDOpNeq AccessLogAccessRequestListParamsAppUIDOp = "neq"

CountryCodeOp param.Field[AccessLogAccessRequestListParamsCountryCodeOp]Optional

Query param: Operator for the country_code filter.

const AccessLogAccessRequestListParamsCountryCodeOpEq AccessLogAccessRequestListParamsCountryCodeOp = "eq"

const AccessLogAccessRequestListParamsCountryCodeOpNeq AccessLogAccessRequestListParamsCountryCodeOp = "neq"

Direction param.Field[AccessLogAccessRequestListParamsDirection]Optional

Query param: The chronological sorting order for the logs.

const AccessLogAccessRequestListParamsDirectionDesc AccessLogAccessRequestListParamsDirection = "desc"

const AccessLogAccessRequestListParamsDirectionAsc AccessLogAccessRequestListParamsDirection = "asc"

Email param.Field[string]Optional

Query param: Filter by user email. Match mode is controlled by emailOp (preferred) or the legacy email_exact flag.

• Default (no emailOp, email_exact=false or unset): substring match — email=@example.com returns all events with that domain.
• Exact match: set emailOp=eq (preferred) or email_exact=true — e.g. email=user@example.com&email_exact=true returns only that user.
• Explicit substring match: set emailOp=contains (without email_exact=true). When both are set, email_exact=true takes precedence and the match is exact.
• Exclusion: set emailOp=neq. With email_exact=true this is an exact-value exclusion; without it, a fuzzy substring exclusion.

formatemail

EmailExact param.Field[bool]Optional

Query param: When true, email is matched exactly instead of substring matching.

EmailOp param.Field[AccessLogAccessRequestListParamsEmailOp]Optional

Query param: Operator for the email filter. contains performs a substring (case-sensitive) match. When email_exact=true is also set, email_exact takes precedence and contains is ignored.

const AccessLogAccessRequestListParamsEmailOpEq AccessLogAccessRequestListParamsEmailOp = "eq"

const AccessLogAccessRequestListParamsEmailOpNeq AccessLogAccessRequestListParamsEmailOp = "neq"

const AccessLogAccessRequestListParamsEmailOpContains AccessLogAccessRequestListParamsEmailOp = "contains"

Fields param.Field[string]Optional

Query param: Comma-separated list of fields to include in the response. When omitted, all fields are returned.

IdPOp param.Field[AccessLogAccessRequestListParamsIdPOp]Optional

Query param: Operator for the idp filter.

const AccessLogAccessRequestListParamsIdPOpEq AccessLogAccessRequestListParamsIdPOp = "eq"

const AccessLogAccessRequestListParamsIdPOpNeq AccessLogAccessRequestListParamsIdPOp = "neq"

Limit param.Field[int64]Optional

Query param: The maximum number of log entries to retrieve.

NonIdentityOp param.Field[AccessLogAccessRequestListParamsNonIdentityOp]Optional

Query param: Operator for the non_identity filter.

const AccessLogAccessRequestListParamsNonIdentityOpEq AccessLogAccessRequestListParamsNonIdentityOp = "eq"

const AccessLogAccessRequestListParamsNonIdentityOpNeq AccessLogAccessRequestListParamsNonIdentityOp = "neq"

Page param.Field[int64]Optional

Query param: Page number of results.

PerPage param.Field[int64]Optional

Query param: Number of results per page.

RayIDOp param.Field[AccessLogAccessRequestListParamsRayIDOp]Optional

Query param: Operator for the ray_id filter.

const AccessLogAccessRequestListParamsRayIDOpEq AccessLogAccessRequestListParamsRayIDOp = "eq"

const AccessLogAccessRequestListParamsRayIDOpNeq AccessLogAccessRequestListParamsRayIDOp = "neq"

Since param.Field[Time]Optional

Query param: The earliest event timestamp to query.

formatdate-time

Until param.Field[Time]Optional

Query param: The latest event timestamp to query.

formatdate-time

UserID param.Field[string]Optional

Query param: Deprecated. Accepted for backward compatibility but no longer applied as a filter. Use email instead.

formatuuid

UserIDOp param.Field[AccessLogAccessRequestListParamsUserIDOp]Optional

Query param: Deprecated. Accepted for backward compatibility but no longer applied as a filter (the user_id parameter is itself deprecated).

const AccessLogAccessRequestListParamsUserIDOpEq AccessLogAccessRequestListParamsUserIDOp = "eq"

const AccessLogAccessRequestListParamsUserIDOpNeq AccessLogAccessRequestListParamsUserIDOp = "neq"

ReturnsExpand Collapse

type AccessLogAccessRequestListResponseEnvelopeResult []AccessRequest

Action stringOptional

The event that occurred, such as a login attempt.

Allowed boolOptional

The result of the authentication event.

AppDomain stringOptional

The URL of the Access application.

AppUID stringOptional

The unique identifier for the Access application.

Connection stringOptional

The IdP used to authenticate.

CreatedAt TimeOptional

formatdate-time

IPAddress stringOptional

The IP address of the authenticating user.

RayID stringOptional

The unique identifier for the request to Cloudflare.

maxLength16

UserEmail stringOptional

The email address of the authenticating user.

formatemail

Get Access authentication logs

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/stainless-sdks/cloudflare-go"
  "github.com/stainless-sdks/cloudflare-go/option"
  "github.com/stainless-sdks/cloudflare-go/zero_trust"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  accessRequests, err := client.ZeroTrust.Access.Logs.AccessRequests.List(context.TODO(), zero_trust.AccessLogAccessRequestListParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", accessRequests)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "action": "login",
      "allowed": true,
      "app_domain": "test.example.com/admin",
      "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
      "connection": "saml",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "ip_address": "198.41.129.166",
      "ray_id": "187d944c61940c77",
      "user_email": "user@example.com"
    }
  ]
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "action": "login",
      "allowed": true,
      "app_domain": "test.example.com/admin",
      "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
      "connection": "saml",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "ip_address": "198.41.129.166",
      "ray_id": "187d944c61940c77",
      "user_email": "user@example.com"
    }
  ]
}