Audit Logs
Collects and ingests audit logs and security events within your Postman organization.
Sync Type: Incremental
Overview
The Postman Audit Logs input allows you to collect organization audit logs from the Postman API. This input provides visibility into security-related activities, user actions, and configuration changes within your Postman organization.
Prerequisites
Before configuring the Postman Audit Logs input, ensure you have:
- Postman Account: Access to a Postman organization with audit log capabilities
- Administrative Access: Permissions to generate API keys with audit log access
- API Key: A Postman API key with permissions to access audit logs
Setup Instructions
Step 1: Generate a Postman API Key
- Log in to your Postman account
- Navigate to Settings > API keys or visit Postman API Keys
- Click Generate API Key
- Provide a descriptive name for the key (e.g., "Monad Audit Log Connector")
- Copy the generated API key and store it securely
Important: API keys provide access to your organization's data. Store them securely and never commit them to version control.
Step 2: Verify API Key Permissions
Ensure your API key has the necessary permissions to access audit logs:
- The key must be generated by a user with administrative privileges in the organization
- The user must have permissions to view audit logs in the Postman workspace
Configuration
Settings
| Setting | Type | Required | Default | Description |
|---|---|---|---|---|
| Backfill Start Time | string | No | - | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| API Key | string | Yes | The API key from your Postman team with permissions to access audit logs |
Technical Details
Collection Behavior
The input follows an incremental collection pattern:
- First run: Collects all available audit logs
- Subsequent runs: Collects only new audit logs since the last successful run
- Page size: Processes up to 100 records per API request
- State tracking: Maintains cursor position to resume from last processed event
Data Collected
The audit logs include information about:
- User authentication events (sign-in, sign-out)
- Collection management (create, update, delete, publish)
- Workspace activities (member additions, permission changes)
- API key management (generation, revocation)
- Team and organization changes
- Environment and variable modifications
- Mock server operations
- Monitor activities
Each audit log entry includes:
- Unique event ID and timestamp
- Action type and description
- Actor information (user who performed the action)
- Resource details (collections, workspaces, etc.)
- IP address and user agent information
- Additional contextual metadata
Troubleshooting
Common Issues
-
Authentication failures
- Verify the API key is correct and hasn't expired
- Ensure the API key belongs to a user with administrative privileges
- Check that the user has audit log viewing permissions
-
No events returned
- Verify that audit logging is enabled for your Postman organization
- Check that the backfill start time is within the data retention period
- Ensure there have been activities in the organization during the specified timeframe
-
Missing recent events
- There may be a slight delay between when events occur and when they appear in the audit logs
- Wait a few minutes and check if the events appear in subsequent runs
Related Articles
Sample Record
{
"id": "198021612",
"timestamp": "2025-08-11T23:46:59.165961Z",
"action": "user.signin",
"actor": {
"id": "3842560",
"name": "John Doe",
"email": "john.doe@example.com",
"type": "user"
},
"resource": {
"id": "team_12345",
"name": "Engineering Team",
"type": "team"
},
"client": {
"ip": "192.168.1.100",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36"
},
"metadata": {
"source": "web",
"location": "San Francisco, CA"
}
}