The Access Log API is a powerful tool that enhances data security and administrative control of your Zendesk account. You can use the API to export a log of access events in your account, offering a comprehensive log of data accessed by agents and admins.
About the Access Log API
The Access Log API captures what data an agent or admin has accessed in your Zendesk account within the last 90 days. The API does not capture end-user events.
The access log is a record of access events for your account related to tickets, user profiles, and searches. Access events are instances where an agent or admin has viewed data but did not take action on it. This differs from the audit log, which tracks changes to your account.
For example, the access log can help you answer the following questions:
- What tickets are agents accessing?
- What information are agents searching for?
- What user profiles are agents viewing?
Working with APIs generally requires some level of developer experience. You’ll need to work with a developer or other technical resource at your company to access, export, and format the data, as described in Exporting access logs to a CSV file.
Turning on the Access Log API
Before you can use the API, you need to turn it on in Zendesk Admin Center.
To turn on the Access Log API
- In Admin Center, click Account in the sidebar, then select Audit log > Audit log.
- Click Manage settings.
- Select Turn on the Access Log API.
- Click Save.
Next, we'll explore some example scenarios. In these examples, Anna is an IT security manager responsible for data security and privacy. Claire is an agent at her company.
Using the access log to help define permissions
Anna relies on access logs to ensure that the right agents are viewing the right data to comply with data privacy regulations that require a record of customer data access.
Anna leverages the access log to understand what permissions are required for a new customer service team.
Claire is a member of the new team, and Anna uses her activity as a reference point. When Anna makes the API call filtered by Claire’s user ID, she sees all of Claire’s access events, including a record of the tickets viewed and searches, at what time, and from which IP address.
For example, Anna can see that Claire (user_id 1213456789) viewed ticket number 937.
Clarie also opened the profile belonging to user_id 9878654.
This helps Anna understand if Claire is accessing tickets assigned to other agent groups or if Claire is viewing profiles of customers assigned to other agents. Anna now has more data to help her set up the proper permissions for Claire and other agents in her group.
Using the access log to proactively address security risks
Anna uses search records in the access log to proactively address security risks. She can identify suspicious behavior like repeated searches for credit cards or other personal or sensitive information.
In this example, Anna can see that Claire is searching for "credit card."
After noticing repeated similar searches, she decides to follow up and investigate.
If Anna were investigating an incident, she could similarly use the access log to help trace which customers have been affected. This helps the security team take proper steps to address the issue.
Once Anna has done this, she continues to use the access log to proactively identify data security risks, refine CX security and privacy policies, and support compliance with data privacy laws and regulations.