Audit Logs

Concepts

Designs, folders, and assets Teams, groups, and users Canva Apps and Integrations

Actions reference

Apps Audit logs Brands Content Designs Exports Folders Groups Organizations Permissions Teams Users Websites

Audit events

Audit events are exported as JSON and specify an actor that performed an action on a target at time timestamp with a specific outcome under a context. For example:

{
  "id": "3849ef51-ca85-4028-bae3-1b8de3ee5738",
  "timestamp": 1704070800123,
  "actor": {
    "type": "USER",
    "user": {
      "id": "UXoqDbwwSbQ",
      "display_name": "Jane Doe",
      "email": "[email protected]"
    },
    "team": {
      "id": "BXeFatjDhdR",
      "display_name": "Acme Team"
    },
    "organization": {
      "id": "OXtgecafZvh",
      "display_name": "Acme Corporation"
    },
    "redacted": true
  },
  "target": {
    "target_type": "USER",
    "user": {
      "id": "UXoqDbwwSbQ",
      "display_name": "Jane Doe",
      "email": "[email protected]"
    },
    "team": {
      "id": "BXeFatjDhdR",
      "display_name": "Acme Team"
    }
  },
  "action": {
    "type": "CREATE",
    "create_type": "CREATE_DESIGN"
  },
  "outcome": {
    "result": "PERMITTED",
    "details": {
      "type": "RESOURCE_CREATED",
      "resource_id": "DXWEBartcNg",
      "resource_type": "DESIGN"
    }
  },
  "context": {
    "ip_address": "192.0.2.123",
    "session": "41cfef61",
    "request_id": "220d18b47fcb2d23c72a2a954dff09cb",
    "device_id": "d2805fafb9b50fe3f3d6ebbe221fc0e0883bf06b6bc285389147f3b259c2c4c1"
  }
}

JSON

The actor is the user who initiated the action. This can be a logged in user, or an anonymous (logged out) user.

The action describes the activity, such as a user viewing a design or deleting another user.

The target is the user, team, organization, or resource that the action targeted. For example, a delete user action includes the ID of the user being deleted.

The outcome includes the result of the action, such as whether it succeeded and information about affected resources. For example, the outcome of a successful create user action will contain the user ID of the newly created user.

The context contains additional information related to the event, such as the IP address of the actor.

AuditEvent schema

idstring

The ID of the audit event.

timestampinteger

The time the event occurred, as a Unix timestamp (in milliseconds since the Unix Epoch).

actorActor

The person who performed the action.

typestring

This can be one of the following:

USER: A Canva user, including the team and organization context for the action.
CANVA_CUSTOMER_SUPPORT: A Canva Staff member providing customer support.
ANONYMOUS: A user that isn't signed in.
SYSTEM: A system that isn't associated with a single user account. System actors include internal Canva system processes or external systems such as SCIM IdP providers.

userAuditLogUser

Conditional

A Canva user.

idstring

The user ID.

display_namestringOptional

The display name of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

emailstringOptional

The email address of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

teamAuditLogTeam

Conditional

A Canva team.

idstring

The team ID.

display_namestringOptional

The display name of the team.

For privacy reasons, this field is redacted for brands outside of your organization. Rarely, it may be unavailable for technical reasons.

redactedboolean

Conditional

true when we've redacted the details of the user, brand, or organization because they're outside of your organization.

organizationAuditLogOrganization

Optional

A Canva organization.

idstring

The organization ID.

display_namestringOptional

The display name of the organization.

For privacy reasons, this field is redacted for organizations other than your organization. Rarely, it may be unavailable for technical reasons.

detailsSystemDetails

Optional

Details about the system actor.

typestring

This can be one of the following:

SCIM: Details about the SCIM IdP provider.
CRM: Details about the Customer Relationship Management system.

targetTarget

The target resource of an action.

target_typestring

This can be one of the following:

USER: The user that is the target of the action.
TEAM: The team that is the target of the action.
ORGANIZATION: The organization that is the target of the action.
RESOURCE: The resource that's the target of the action. For example, a design.

userAuditLogUser

Conditional

A Canva user.

idstring

The user ID.

display_namestringOptional

The display name of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

emailstringOptional

The email address of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

teamAuditLogTeam

Conditional

A Canva team.

idstring

The team ID.

display_namestringOptional

The display name of the team.

For privacy reasons, this field is redacted for brands outside of your organization. Rarely, it may be unavailable for technical reasons.

organizationAuditLogOrganization

Conditional

A Canva organization.

idstring

The organization ID.

display_namestringOptional

The display name of the organization.

For privacy reasons, this field is redacted for organizations other than your organization. Rarely, it may be unavailable for technical reasons.

resource_typestring

Conditional

The type of resource.

Available values:

BRAND_KIT: A Brand Kit⁠(opens in a new tab or window).
DESIGN: A design.
FOLDER: A folder.
GROUP: A Canva group.
MEDIA: A media.
BRAND_TEMPLATE: A brand template⁠(opens in a new tab or window).
VIDEO: A video.
AUDIO: An audio.
WEBSITE_DOMAIN: A website domain.

idstring

Conditional

The resource ID.

ownerOwner

Conditional

The owner of the resource.

typestring

This can be one of the following:

USER: An owner who is a user.
TEAM: An owner that is a team.
ORGANIZATION: An owner that is an organization.

userAuditLogUser

Conditional

A Canva user.

idstring

The user ID.

display_namestringOptional

The display name of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

emailstringOptional

The email address of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

teamAuditLogTeam

Conditional

A Canva team.

idstring

The team ID.

display_namestringOptional

The display name of the team.

For privacy reasons, this field is redacted for brands outside of your organization. Rarely, it may be unavailable for technical reasons.

organizationAuditLogOrganization

Conditional

A Canva organization.

idstring

The organization ID.

display_namestringOptional

The display name of the organization.

For privacy reasons, this field is redacted for organizations other than your organization. Rarely, it may be unavailable for technical reasons.

namestring

Optional

The name of the resource.

actionAction

This can be one of the following action types:

outcomeOutcome

Outcome of the action.

resultstring

The outcome result.

Available values:

UNKNOWN: The action failed due to an unknown error.
PERMITTED: The action was permitted.
DENIED: The action was denied.
RESOURCE_NOT_FOUND: The action failed because the resource was not found.
FAILED: The action failed.

detailsOutcomeDetailsOptional

Additional details about the outcome.

typestring

This can be one of the following:

RESOURCE_CREATED: Outcome details when a new resource is created.
USER_CREATED: Outcome details when a new user is created.

resource_idstring

Conditional

The resource ID.

resource_typestring

Conditional

The type of resource.

Available values:

BRAND_KIT: A Brand Kit⁠(opens in a new tab or window).
DESIGN: A design.
FOLDER: A folder.
GROUP: A Canva group.
MEDIA: A media.
BRAND_TEMPLATE: A brand template⁠(opens in a new tab or window).
VIDEO: A video.
AUDIO: An audio.
WEBSITE_DOMAIN: A website domain.

user_idstring

Conditional

The ID of the created user.

contextContext

Additional context associated with the audit event.

ip_addressstringOptional

The IP address of the actor.

sessionstringOptional

The session ID of the actor.

request_idstringOptional

The ID of the request.

device_idstringOptional

A hashed ID generated and stored on the device when a user logs into Canva from a device without a device_id (such as a new or reformatted device, or after a web browser's cache is cleared). This ID can be useful for identifying suspicious logins.

This ID is stored on the user's device, and may be subject to forgery or tampering.