Audit Logs

Concepts

Designs, folders, and assets Teams, groups, and users Canva Apps and Integrations

Actions reference

Apps Brands Content Designs Exports Folders Groups Organizations Permissions Teams Users

Audit events

Audit events are exported as JSON and specify an actor that performed an action on a target at time timestamp with a specific outcome under a context. For example:

{
  "id": "3849ef51-ca85-4028-bae3-1b8de3ee5738",
  "timestamp": 1704070800123,
  "actor": {
    "type": "USER",
    "user": {
      "id": "UXoqDbwwSbQ",
      "display_name": "Jane Doe",
      "email": "[email protected]"
    },
    "team": {
      "id": "BXeFatjDhdR",
      "display_name": "Acme Team"
    },
    "organization": {
      "id": "OXtgecafZvh",
      "display_name": "Acme Corporation"
    },
    "redacted": true
  },
  "target": {
    "target_type": "USER",
    "user": {
      "id": "UXoqDbwwSbQ",
      "display_name": "Jane Doe",
      "email": "[email protected]"
    },
    "team": {
      "id": "BXeFatjDhdR",
      "display_name": "Acme Team"
    }
  },
  "action": {
    "type": "CREATE",
    "create_type": "CREATE_DESIGN"
  },
  "outcome": {
    "result": "PERMITTED",
    "details": {
      "type": "RESOURCE_CREATED",
      "resource_id": "DXWEBartcNg",
      "resource_type": "DESIGN"
    }
  },
  "context": {
    "ip_address": "192.0.2.123",
    "session": "41cfef61",
    "request_id": "220d18b47fcb2d23c72a2a954dff09cb",
    "device_id": "d2805fafb9b50fe3f3d6ebbe221fc0e0883bf06b6bc285389147f3b259c2c4c1"
  }
}

JSON

The actor is the user who initiated the action. This can be a logged in user, or an anonymous (logged out) user.

The action describes the activity, such as a user viewing a design or deleting another user.

The target is the user, team, organization, or resource that the action targeted. For example, a delete user action includes the ID of the user being deleted.

The outcome includes the result of the action, such as whether it succeeded and information about affected resources. For example, the outcome of a successful create user action will contain the user ID of the newly created user.

The context contains additional information related to the event, such as the IP address of the actor.

AuditEvent schema

idstring

The ID of the audit event.

timestampinteger

The time the event occurred, as a Unix timestamp (in milliseconds since the Unix Epoch).

actorActor

The person who performed the action.

Properties of actor

typestring

This can be one of the following:

USER: A Canva user, including the team and organization context for the action.
CANVA_CUSTOMER_SUPPORT: A Canva Staff member providing customer support.
ANONYMOUS: A user that isn't signed in.
SYSTEM: A system that isn't associated with a single user account. System actors include internal Canva system processes or external systems such as SCIM IdP providers.

userAuditLogUser

CONDITIONAL

A Canva user.

Properties of user

idstring

The user ID.

display_namestring

OPTIONAL

The display name of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

emailstring

OPTIONAL

The email address of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

teamAuditLogTeam

CONDITIONAL

A Canva team.

Properties of team

idstring

The team ID.

display_namestring

OPTIONAL

The display name of the team.

For privacy reasons, this field is redacted for brands outside of your organization. Rarely, it may be unavailable for technical reasons.

organizationAuditLogOrganization

OPTIONAL

A Canva organization.

Properties of organization

idstring

The organization ID.

display_namestring

OPTIONAL

The display name of the organization.

For privacy reasons, this field is redacted for organizations other than your organization. Rarely, it may be unavailable for technical reasons.

redactedboolean

OPTIONAL

true when we've redacted the details of the user, brand, or organization because they're outside of your organization.

detailsSystemDetails

OPTIONAL

Details about the system actor.

Properties of details

typestring

This can be one of the following:

SCIM: Details about the SCIM IdP provider.
CRM: Details about the Customer Relationship Management system.

targetTarget

The target resource of an action.

Properties of target

target_typestring

This can be one of the following:

USER: The user that is the target of the action.
TEAM: The team that is the target of the action.
ORGANIZATION: The organization that is the target of the action.
RESOURCE: The resource that's the target of the action. For example, a design.

userAuditLogUser

CONDITIONAL

A Canva user.

Properties of user

idstring

The user ID.

display_namestring

OPTIONAL

The display name of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

emailstring

OPTIONAL

The email address of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

teamAuditLogTeam

CONDITIONAL

A Canva team.

Properties of team

idstring

The team ID.

display_namestring

OPTIONAL

The display name of the team.

For privacy reasons, this field is redacted for brands outside of your organization. Rarely, it may be unavailable for technical reasons.

organizationAuditLogOrganization

CONDITIONAL

A Canva organization.

Properties of organization

idstring

The organization ID.

display_namestring

OPTIONAL

The display name of the organization.

For privacy reasons, this field is redacted for organizations other than your organization. Rarely, it may be unavailable for technical reasons.

resource_typestring

CONDITIONAL

The type of resource. This can be one of the following:

BRAND_KIT: A brand kit⁠(opens in a new tab or window).
DESIGN: A design.
FOLDER: A folder.
GROUP: A Canva group.
MEDIA: A media.
BRAND_TEMPLATE: A brand template⁠(opens in a new tab or window).
VIDEO: A video.

idstring

CONDITIONAL

The resource ID.

ownerOwner

CONDITIONAL

The owner of the resource.

Properties of owner

typestring

This can be one of the following:

USER: An owner who is a user.
TEAM: An owner that is a team.
ORGANIZATION: An owner that is an organization.

userAuditLogUser

CONDITIONAL

A Canva user.

Properties of user

idstring

The user ID.

display_namestring

OPTIONAL

The display name of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

emailstring

OPTIONAL

The email address of the user.

For privacy reasons, this field is redacted for users outside of your organization. Rarely, it may also be unavailable for technical reasons.

teamAuditLogTeam

CONDITIONAL

A Canva team.

Properties of team

idstring

The team ID.

display_namestring

OPTIONAL

The display name of the team.

For privacy reasons, this field is redacted for brands outside of your organization. Rarely, it may be unavailable for technical reasons.

organizationAuditLogOrganization

CONDITIONAL

A Canva organization.

Properties of organization

idstring

The organization ID.

display_namestring

OPTIONAL

The display name of the organization.

For privacy reasons, this field is redacted for organizations other than your organization. Rarely, it may be unavailable for technical reasons.

namestring

OPTIONAL

The name of the resource.

actionAction

This can be one of the following action types:

outcomeOutcome

Outcome of the action.

Properties of outcome

resultstring

The outcome result. This can be one of the following:

UNKNOWN: The action failed due to an unknown error.
PERMITTED: The action was permitted.
DENIED: The action was denied.
RESOURCE_NOT_FOUND: The action failed because the resource was not found.
FAILED: The action failed.

detailsOutcomeDetails

OPTIONAL

Additional details about the outcome.

Properties of details

typestring

This can be one of the following:

RESOURCE_CREATED: Outcome details when a new resource is created.
USER_CREATED: Outcome details when a new user is created.

resource_idstring

CONDITIONAL

The resource ID.

resource_typestring

CONDITIONAL

The type of resource. This can be one of the following:

BRAND_KIT: A brand kit⁠(opens in a new tab or window).
DESIGN: A design.
FOLDER: A folder.
GROUP: A Canva group.
MEDIA: A media.
BRAND_TEMPLATE: A brand template⁠(opens in a new tab or window).
VIDEO: A video.

user_idstring

CONDITIONAL

The ID of the created user.

contextContext

Additional context associated with the audit event.

Properties of context

ip_addressstring

OPTIONAL

The IP address of the actor.

sessionstring

OPTIONAL

The session ID of the actor.

request_idstring

OPTIONAL

The ID of the request.

device_idstring

OPTIONAL

A hashed ID generated and stored on the device when a user logs into Canva from a device without a device_id (such as a new or reformatted device, or after a web browser's cache is cleared). This ID can be useful for identifying suspicious logins.

This ID is stored on the user's device, and may be subject to forgery or tampering.