clickup_query_audit_logs
Retrieve workspace audit log entries for security and compliance. Filter by event class, user, outcome, and time window.
Instructions
Query a Workspace's audit trail (Enterprise, Workspace owner only).
Retrieves audit-log rows for a class of events (applicability), optionally
narrowed by user, event type, outcome, and time window. Results are
timestamp-paginated: pass the last row's timestamp back as page_timestamp
(with page_direction) to walk the log.
Note: Enterprise plan only — returns 403 on other plans. Additionally, only the Workspace owner's token can read audit logs; other tokens get 403.
When to Use:
For a security/compliance review of who did what in the Workspace.
When NOT to Use:
For task activity feeds — audit logs cover account/security/hierarchy administration, not per-task comment history.
Returns: A list of audit entries (event, outcome, actor, time). Use response_format json for the raw rows including every field.
Pagination:
Timestamp-based. Read the timestamp of the last row, then call again with
page_timestamp=<that> and page_direction="before" (older) or "after".
Examples:
params = {"applicability": "auth-and-security", "event_status": "failed"}
params = {"applicability": "user-activity", "user_emails": ["a@x.io"], "page_rows": 50}
Error Handling:
403 → not Enterprise or the token is not the Workspace owner; 400 → bad
filter. Errors return an Error ... string.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| params | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |