Audit logs

Updated

Audit logs help you track changes made to your account, workspaces, messages, and other assets so you can keep your account secure and troubleshoot issues.

To track changes to your workspace data, like updates to people or custom objects, go to your Activity Logs.

Overview

As an Account Admin, you have access to two audit logs:

  • Go to Account settings > Audit logs to see Account-level audit logs. These provide security-related information like team member session data, changes in permissions, and deletion of API keys.
  • Go to Workspace settings > Audit logs to see Workspace-level audit logs. These provide information about changes that team members and Customer.io made to your workspace, including imports and exports.

Each entry in the audit log shows an Activity and a Timestamp. Click to see more details about an activity. You’ll see different activities depending on whether you’re viewing account or workspace logs.

Audit log table including a user session and deletion of an API key
Audit log table including a user session and deletion of an API key

Filter your audit logs

You can filter your logs by Date Range, but your plan determines the maximum available time period.

  • On an Essentials plan, you can view, filter, and export data from the past 30 days.
  • On a Premium or Enterprise plan, you can view and filter for data over any time period, but you can only export up the past year of activities.

You can filter your logs by Date Range, Team member, the IP address of users who perform activities, and Event type. The Event type is a category of activities.

The System team member

Under Team member, the System entry represents Customer.io. We do some things automatically, like adding pre-built segments when you create a new workspace. These activities are attributed to System.

Share your audit logs

You can share your audit logs outside of Customer.io in a few ways:

  • Export to CSV
  • Copy raw data
  • Copy metadata

To share an individual activity with another Account Admin, click and then Copy link.

Export to CSV

Click Export to CSV, and then choose the date range to export and which workspace to save the download to.

Keep in mind, if you’re on the Essentials plan, you can export up to the past 30 days of logs. On the Premium or Enterprise plans, you can export up to the last year.

Copy log data

To copy log data, click :

  • Select View raw data to copy the event payload.
  • Select View metadata to copy the metadata like IP address and API used in the request.

Show diff

To see how the event changed your account or workspace data, click and then Show diff.

Here’s an example of a diff for a campaign in a workspace log. You can see what was removed in red and added in green:

A new last updated date is highlighted green. The old last updated date is red.
A new last updated date is highlighted green. The old last updated date is red.

Account audit log activities

Activities are grouped into Event Type values that represent a category of activities. For example, Administration activities are related to account-level settings and permissions.

ActivityDescription
Administration
AccountThe main Customer.io account settings and configuration
WorkspaceSeparate environments within the account (e.g., production, staging)
API & Integrations
API CredentialsAPI keys used to authenticate with Customer.io Track APIs. We currently don't surface data for Pipelines integrations.
App API KeyAPI keys used to authenticate with Customer.io App APIs
Dedicated IP AddressCustom IP Addresses associated with the account
Permissions
RoleCustom roles defining permission sets for team members
Team MemberUsers with access to the Customer.io account
Team Member Workspace PermissionsWorkspace-specific permissions assigned to team members
Team Member Account PermissionsAccount-wide permissions assigned to team members
Security
Log in/outUser authentication events
SCIM ConfigurationSSO user provisioning with System for Cross-domain Identity Management (SCIM)
SCIM TokenAuthentication tokens for SCIM provisioning
SSO ConfigurationSingle Sign-On identity provider settings, like SAML
Whitelisted IPIP addresses allowed for restricted access

Workspace audit log activities

Activities are grouped into Event Type values that represent a category of activities. For example, Content activities are related to images, files, and media uploaded to the workspace.

ActivityDescription
Content
AssetImages, files, and media uploaded to the workspace
LayoutEmail layout templates that wrap content (available for emails made in the rich text or code editors only)
Saved RowReusable content rows for email templates (available for emails made with the drag-and-drop editor only)
SnippetReusable content blocks (headers, footers, etc.)
TemplateEmail, SMS, push, or in-app message templates. This captures content changes across all workflows: campaigns, broadcasts, newsletters, transactional messages, and anonymous messages.
Data & Imports
CollectionNon-people data like product catalogs you can relate to people. See below for Objects, a similar but separate feature from Collections.
ExportData export jobs and configurations
ImportData import jobs (CSV uploads, etc.)
SQL ImportDatabase syncs: these represent activities related to queries and sync frequency when you import data from a database.
SQL Import Database DefinitionDatabase connection configurations for SQL imports
Design Studio
Design Studio Element (Folder, Component, Template or Email)Individual content blocks/components in Design Studio
Design Studio Global StylesShared styling (colors, fonts) across Design Studio templates
Design Studio VersionVersion history of Design Studio templates
Integrations
Custom FormForm configurations for capturing user data
Custom SMTPCustom email sending server configuration
IntegrationIntegrations with third-party services like Slack, Twilio, etc. This activity covers integrations available in your workspace settings. It does not include activities for most items under Data & Integrations > Integrations.
Webhook ConfigurationOutbound webhook endpoints for external integrations
Messaging
Anonymous MessageOne-time in-app messages sent to unidentified users
CampaignAutomated messaging workflows triggered by events, segments, and more
Campaign ActionIndividual steps/actions within a campaign (email, webhook, delay, etc.)
People & Objects
Object DeletionDeletion of custom objects
Object TypeCustom object definitions (e.g., companies, orders, products)
Profile DeletionIndividual customer profile deletions
Profile MergeMerging of duplicate customer profiles
Profile ShortcutQuick access shortcuts to specific customer profiles
Segments & Audiences
Ad AudienceGoogle & Facebook Ad Sync
Ad Audience CredentialsAuthentication for Data Pipelines audience connections
SegmentDynamic groups of customers based on attributes/behavior
Settings
DomainEmail sending domains and DNS configuration
Sender IdentityVerified phone or email sender addresses and names
Subscription Center SettingsCustomer preference center configuration
Subscription TopicEmail subscription categories customers can opt in/out of
TagLabels for organizing campaigns, segments, and templates

What data’s not available?

For now, you’ll have to reach out to support to audit events for most items under Data & Integrations > Integrations. The Integrations category mostly accounts for activities related to workspace-level settings, like message integrations (SMS/Twilio, Email/SMTP, Webhooks, and so on).

Click Need help? and choose Get help with an issue to submit a request.

Send us feedback

Click Feedback to let us know what you need to better audit your account and workspaces.

Copied to clipboard!
  Contents