The Workspace audit log API gives Enterprise Workspace Admins and Security teams the ability to monitor and audit key security-related events across your Workspace and sites.
You can use Workspace audit logs to track when users log in, are granted access, or have permissions changed, and to monitor updates to roles, memberships, and invitations. Logs capture events such as users being added to or removed from Workspaces and sites, custom role creation or updates, and invitation flows (sent, accepted, canceled, declined). This visibility supports teams in investigating account misuse, monitoring compliance, and conducting regular access reviews.
You can also integrate the Workspace audit log API into your security stack — such as SIEM platforms like Splunk, Datadog, or SumoLogic — to enable alerting, automate incident detection, and meet compliance and auditing requirements.
How to use the Workspace audit log API
- Go to Workspace settings > Integrations > Workspace API access
- Generate an API token
- Use the token to retrieve data in the tool of your choice. The API cURL is https://api.webflow.com/v2/workspaces/[workspace-slug-or-id]/audit_logs
- Use optional query parameters to filter, sort, and paginate the data
An example pull request looks like this:
curl --request GET \
--url 'https://api.webflow.com/v2/workspaces/[workspace-slug-or-id]/audit_logs \
--header 'authorization: Bearer [REDACTED]
Optional query parameters
| Field | Type | Description |
| workspace | Object with id and slug | Workspace in which the event took place |
| actor | Object with id and email | Actor who performed the action |
| timestamp | ISO timestamp (YYYY-MM-DDTHH:mm:ssZ) | Time at which the event occurred |
| eventType | Enum: user_access, custom_role, workspace_membership, site_membership, workspace_invitation | Category of the event |
| eventSubType | Enum: values depend on eventType | Specific action that the event represents |
| payload | Object: fields depend on eventType | Contextual details about the event |
Each event contains contextual details about the action, who performed it, and whom it affected. Learn more about the path parameters, query parameters, responses, and errors.
FAQs
How long is the data retention period?
Logs are retained for 1 year.
How soon are logs available after generation?
Logs are available within at least 10 minutes of the event.
Will you support a push-based model?
At this time we support the pull-based API while we gather further interest for push based model.
Is the Workspace audit log's data encrypted at rest?
Yes, data at rest is encrypted using AES-256 and the data transport intra cluster is encrypted via TLS 1.2 encryption.
Are logs available for historic data (e.g., before a workspace became an Enterprise customer, or before the launch of audit log API)?
Logs are only available starting from the point when the Workspace audit log API was launched (May 2025). Events occurring before that — including before a Workspace becomes an Enterprise customer — aren’t available retroactively.