Query Cloudflare Access event log via the API

In the Cloudflare Access dashboard, I can see an event log with entries such as

{
    "user_email": "j******@*********.com",
    "ip_address": "103.xxx.xxx.xxx",
    "app_uid": "12345678-1234-5678-abcd-12345678",
    "app_domain": "********.*******.com",
    "action": "login",
    "connection": "google",
    "allowed": true,
    "created_at": "2020-03-03T10:09:59Z",
    "ray_id": "55555555555555555"
}

Is there some way to access these events via the Cloudflare API? I would like to build a system that reacts to these events by e.g. sending a user an email on their first login to a specific app, or when a new user tries to sign in for an app but is getting rejected, etc.

Even better would be if there is a way to setup a webhook, so I don’t have to poll an API to get the events.

Cheers,
Jan

I don’t see anything in the API documentation. Check with Support and post the Ticket # here.

Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button.

I had checked the API documentation before posting here as well, but didn’t find anything relevant.

I’ve raised a support ticket, as you suggested. Will post back here if I hear anything from Cloudflare.

1 Like

Got a solution from the Cloudflare team:

After checking with the team, this is the api request:

curl --request GET \
  --url 'https://api.cloudflare.com/client/v4/zones/<zone tag>/access/logs/access-requests?direction=desc&limit=10&since=2020-03-01T18%3A59%3A10Z&until=2020-03-03T00%3A00%3A00Z&=' \
  --header 'x-auth-email: <email>' \
  --header 'x-auth-key: <api key>'
1 Like