For Agents
Read HubSpot portal login, audit, and security activity for compliance monitoring, SIEM ingestion, and incident investigation.
Get started with Audit Logs in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"list recent hubspot audit log entries"
# → Jentic returns the GET /events tool with parameter schema, agent executes.
What an agent can do with Audit Logs API.
Retrieve recent successful login activity for users on a HubSpot portal
Pull audit-log entries showing user actions on the portal
Read security-history entries such as password changes and 2FA updates
Filter activity by user id and time window for incident investigation
Page through activity records to feed a SIEM or warehouse
Use for: "I need to retrieve login activity for a HubSpot portal"; "Get the audit log entries for the last 24 hours"; "List all security history events for user 12345"; "Find users who changed their password this week"
Not supported: Does not write audit entries, manage users, or modify security settings — use only for reading HubSpot portal login, audit, and security-history activity.
The HubSpot Audit Logs API returns user-activity records for a HubSpot portal — successful logins, audit events, and security-history entries such as password changes and two-factor updates. The three endpoints under /account-info/v3/activity each return paginated activity records that a SIEM or compliance dashboard can ingest. The data is read-only and is intended for security monitoring rather than user management. Authentication uses OAuth 2.0 or a private app token.
Patterns agents use Audit Logs API for, with concrete tasks.
★ Feed HubSpot activity into a SIEM
A security team that consolidates events in Splunk or another SIEM can poll the three audit endpoints on a schedule and forward each record. GET /account-info/v3/activity/login returns successful logins, GET /account-info/v3/activity/audit-logs returns user-action audit records, and GET /account-info/v3/activity/security returns security events. The endpoints are paginated, so the poller advances through results until it reaches the last seen timestamp.
Call GET /account-info/v3/activity/audit-logs with occurredAfter set to the last sync timestamp, page through results, and forward each entry to the SIEM
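The polling loop described above, as an added example (not Jentic's or HubSpot's code): it pages with a cursor, skips records already forwarded, and returns a new checkpoint only after a complete walk, so a failed run can be retried without losing or duplicating events. The `fetch` callable, the `after` cursor parameter, the `id`, `occurredAt` and `paging.next.after` response fields, and the sample pages are assumptions made for illustration.

```python
import time
from collections import deque

AUDIT_PATH = "/account-info/v3/activity/audit-logs"  # endpoint path from the page

# Constructed sample pages keyed by cursor. "id", "occurredAt" and
# "paging.next.after" are assumed field names, not taken from the page.
SAMPLE_PAGES = {
    None: {"results": [{"id": "a1", "occurredAt": "2024-05-01T10:00:00Z"},
                       {"id": "a2", "occurredAt": "2024-05-01T10:05:00Z"}],
           "paging": {"next": {"after": "c2"}}},
    "c2": {"results": [{"id": "a2", "occurredAt": "2024-05-01T10:05:00Z"},
                       {"id": "a3", "occurredAt": "2024-05-01T10:09:00Z"}]},
}

def sample_fetch(path, params):
    """Offline stand-in for an authenticated GET; returns (status, json_body)."""
    return 200, SAMPLE_PAGES[params.get("after")]

def poll_audit_logs(fetch, checkpoint, forward, seen_ids,
                    max_calls=100, window=10.0, sleep=time.sleep):
    """Forward every unseen record newer than `checkpoint`; return the new checkpoint."""
    sent = deque()                      # monotonic times of recent requests
    newest, cursor = checkpoint, None
    while True:
        # Stay under the per-account ceiling the page cites (~100 requests / 10 s).
        while sent and time.monotonic() - sent[0] >= window:
            sent.popleft()
        if len(sent) >= max_calls:
            sleep(window - (time.monotonic() - sent[0]))
        sent.append(time.monotonic())
        params = {"occurredAfter": checkpoint}
        if cursor:
            params["after"] = cursor    # assumed name of the cursor parameter
        status, body = fetch(AUDIT_PATH, params)
        if status == 403:               # the page notes lower plan tiers may return 403
            raise PermissionError("403: check token scope and HubSpot plan tier")
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        for rec in body.get("results", []):
            if rec["id"] in seen_ids:   # idempotent: page overlap or a retried run
                continue
            forward(rec)
            seen_ids.add(rec["id"])
            newest = max(newest, rec["occurredAt"])  # same-format ISO-8601 UTC strings sort
        cursor = body.get("paging", {}).get("next", {}).get("after")
        if not cursor:
            return newest               # caller persists this only after a full walk
```

In production, `fetch` would wrap the authenticated HTTP call and `seen_ids` would be backed by durable storage alongside the checkpoint.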
Investigate a suspicious user action
When a HubSpot admin sees an unexpected change, an investigator can query GET /account-info/v3/activity/audit-logs filtered by user id to retrieve every action that user took, then cross-reference GET /account-info/v3/activity/security for password or 2FA changes. The combined timeline supports an incident response without leaving the API.
Call GET /account-info/v3/activity/audit-logs with userId=98765 for the last 7 days, then GET /account-info/v3/activity/security for the same user to assemble a timeline
Compliance reporting for SOC 2 evidence
SOC 2 evidence often requires periodic exports of administrative activity. The audit-logs endpoint returns the list of user actions on the portal, the security endpoint surfaces password and 2FA changes, and the login endpoint confirms access patterns. Together they form an evidence pack that can be archived monthly.
Schedule a monthly job that pulls all three endpoints for the previous calendar month and stores the JSON exports in evidence storage
Agent integration via Jentic
A compliance agent can answer 'who logged into HubSpot this morning' by calling the login endpoint through Jentic. The agent searches for the operation, loads the schema, executes with an occurredAfter timestamp, and summarises the results. The HubSpot credential stays in the Jentic vault.
Search Jentic for 'list hubspot login activity', load GET /account-info/v3/activity/login, and execute with occurredAfter=this morning's ISO timestamp
3 endpoints — The HubSpot Audit Logs API returns user-activity records for a HubSpot portal — successful logins, audit events, and security-history entries such as password changes and two-factor updates.
METHOD  PATH                                  DESCRIPTION
GET     /account-info/v3/activity/login       Retrieve login activity for the portal
GET     /account-info/v3/activity/audit-logs  Retrieve audit-log entries
GET     /account-info/v3/activity/security    Retrieve security-history events
Three things that make agents converge on Jentic-routed access.
Credential isolation
OAuth access tokens and private app tokens for HubSpot are stored encrypted in the Jentic vault. Audit log calls run through scoped session tokens so the raw HubSpot credential never enters the agent's context.
Intent-based discovery
Agents search Jentic with intents like 'list hubspot login activity since yesterday' and Jentic returns the matching GET /account-info/v3/activity/login operation with its input schema.
Time to first call
Direct integration: half a day to wire OAuth, pagination, and SIEM forwarding. Through Jentic: about an hour — search, load, execute against the three activity endpoints.
Alternatives and complements available in the Jentic catalogue.
HubSpot Account Info
Account Info returns portal metadata that contextualises audit log entries
Use alongside Audit Logs to label activity with portal identifying details
HubSpot OAuth
Inspect and refresh the access tokens used to call the audit endpoints
Use to verify or rotate the OAuth credential calling Audit Logs
Okta API
Okta exposes its own system log API for SSO-driven audit evidence
Choose Okta when the source of truth for user identity and login activity is Okta rather than HubSpot
Auth0 Management API
Auth0 Logs API surfaces authentication and admin events for tenants using Auth0
Choose Auth0 when authentication is centralised in Auth0 rather than HubSpot's native login
Specific to using Audit Logs API through Jentic.
What authentication does the HubSpot Audit Logs API use?
The spec defines two security schemes: OAuth 2.0 access tokens and private app tokens sent in the private-app header. Read access to audit and security history requires the corresponding scope on the OAuth token or the private app. Through Jentic the credential is stored encrypted in the vault.
Can I filter audit-log entries by user with this API?
Yes. GET /account-info/v3/activity/audit-logs supports filter parameters including userId and time-window parameters such as occurredAfter and occurredBefore, so an investigation can isolate one user's activity over a specific window.
What are the rate limits for the HubSpot Audit Logs API?
The spec does not declare a per-endpoint limit. Audit log calls count against the standard HubSpot per-account limit of around 100 requests per 10 seconds for OAuth and private apps. Polling jobs should respect that ceiling and use pagination cursors to walk results.
How do I retrieve login activity through Jentic?
Search Jentic for 'list hubspot login activity', load the schema for GET /account-info/v3/activity/login, and execute with occurredAfter set to the last sync timestamp. Jentic returns the paginated JSON response.
Is the HubSpot Audit Logs API available on every plan?
Audit log access is gated by HubSpot plan tier. Enterprise plans expose the full set of audit and security activity, while Professional plans expose a reduced set. Calls on lower tiers may return 403 even with valid credentials.
Can I write audit log entries through this API?
No. All three endpoints are GET requests. The Audit Logs API is read-only — HubSpot writes audit entries automatically when users perform actions in the portal.