See Properties: Audit Logging for information about the security and reliability of these logs.

This endpoint returns audit logs for the last 72 hours from active storage. For events outside this range, audit data can be viewed from the Fetch Property Analytics endpoint, for up to 90 days.

Some event types do not include the HMAC signature of that event (often when the event needs to be prepared to be viewable by end-users or analytics tools). In cases like these, you must export the data to view the HMAC signature of that event.

curl --location --request POST '' \
--header 'Authorization: Bearer <API_KEY>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "property_id": <PROPERTY_ID>,
    "timeframe": {
        "from": <TIMEFRAME_FROM>,
        "to": <TIMEFRAME_TO>


These are values in Unix time and in seconds (so you must divide by 1000 and round) to filter events down to and between.