Device Management
Endpoint Detection & Response
Vulnerability Management
Kai
Liftoff
Prism
Migration Agent
Auto Apps
Passport
Compliance
Assignment Maps
Managed OS
Integrations
Mac
iPhone and iPad
Apple TV
Vision Pro
Financial Services
Technology
Artificial Intelligence
Marketing Agencies
Resources Hub
Kandji Blog
Customer Stories
Mac Admins Community
Security Details
MDM Comparison Guide
Customer Support
Product Updates
Kandji Status
Customer Login
Register a Deal
Become a Partner
Partner Portal
About Kandji
News & Press
Careers
Contact
Why Kandji?
Back to Product UpdatesNew API Endpoint: /api/v1/audit/events This endpoint allows you to query and export tenant-level audit events for use in external systems, supporting your reporting, logging, and compliance needs.
The Audit Log Events API provides visibility into critical activities across your Kandji environment, including:
- Blueprint and Library Item creation, updates, and deletions
- Access to sensitive data (such as FileVault keys and recovery keys)
- Device lifecycle events (enrollment, deletion, MDM removal, blueprint changes)
- User directory events (including directory user deletions)
- Administrative actions (tenant owner updates, API token management)
- Admin user management activities
- Vulnerability management detections and remediations (for customers with this feature)
This API endpoint complements our existing Activity module by providing programmatic access to audit events, enabling integration with security information and event management (SIEM) systems or other monitoring tools.
Device-level events remain available through their respective API endpoints.
Note: The additional net-new events (API token CUD, Admin user CUD, API actions, User directory user delete) in the audit events API won’t yet appear in the Activity UI—we’re working to update the UI to surface events from this new API.
