Greenhouse

Greenhouse Audit Log API

The Audit Log API exposes important administrative events from the prior 30 days for governance, compliance, and incident response. JWT bearer authentication (24h validity) issued from the Harvest /auth/jwt_access_token endpoint. Pro-tier offering.

Greenhouse Audit Log API is one of 8 APIs that Greenhouse publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 1 machine-runnable capability that can be deployed as REST, MCP, or Agent Skill surfaces via Naftiko.

Tagged areas include AuditLog, Compliance, Security, Governance, and Enterprise. The published artifact set on APIs.io includes API documentation, an OpenAPI specification, authentication docs, rate-limit docs, and 1 Naftiko capability spec.

GitHub OpenAPI

Documentation

📖
Documentation
https://developers.greenhouse.io/audit-log.html
📖
Authentication
📖
RateLimits
https://developers.greenhouse.io/audit-log.html

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/greenhouse-io/refs/heads/main/openapi/greenhouse-audit-log-api-openapi.yml

Other Resources

🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/greenhouse-io/refs/heads/main/capabilities/audit-log-events.yaml
🔗
Retention

OpenAPI Specification

greenhouse-audit-log-api-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Greenhouse Audit Log API
  description: |
    The Audit Log API exposes a record of important events that occurred in Greenhouse
    during the prior 30 days, including who performed each event, the event target,
    and supporting request metadata. Authentication uses a short-lived JWT obtained
    from POST https://harvest.greenhouse.io/auth/jwt_access_token using a Harvest API key.
    Rate limits: 50 requests / 10s on standard reads, 3 requests / 30s on paginated reads.
  version: "1.0.0"
  contact:
    name: Greenhouse Software
    url: https://www.greenhouse.com
    email: [email protected]
servers:
  - url: https://auditlog.us.greenhouse.io
    description: US Production
  - url: https://harvest.greenhouse.io/auth
    description: JWT token issuer (Harvest)

security:
  - BearerAuth: []

tags:
  - name: Auth
    description: JWT access token issuance.
  - name: Events
    description: Audit log events.

paths:
  /jwt_access_token:
    post:
      tags: [Auth]
      summary: Issue Audit Log Access Token
      description: Exchanges a Harvest API key (HTTP Basic) for a JWT bearer token valid for 24 hours.
      operationId: issueAuditAccessToken
      servers:
        - url: https://harvest.greenhouse.io/auth
      security:
        - HarvestBasic: []
      responses:
        '200':
          description: Token issued.
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token: { type: string }
                  token_type: { type: string, example: Bearer }
                  expires_in: { type: integer, description: Seconds until expiration. }

  /events:
    get:
      tags: [Events]
      summary: List Audit Events
      description: Returns audit events filtered by performer, target, event type, request, and time range.
      operationId: listAuditEvents
      parameters:
        - name: before_time
          in: query
          schema: { type: string, format: date-time }
        - name: after_time
          in: query
          schema: { type: string, format: date-time }
        - name: date
          in: query
          schema: { type: string, format: date }
        - name: magic_time
          in: query
          description: Relative time keyword (e.g. last_24_hours, last_7_days).
          schema: { type: string }
        - name: performer_ids
          in: query
          schema:
            type: array
            items: { type: integer }
          style: form
          explode: false
        - name: performer_types
          in: query
          schema:
            type: array
            items: { type: string, enum: [User, ApiKey, System] }
          style: form
          explode: false
        - name: performer_ip_addresses
          in: query
          schema:
            type: array
            items: { type: string }
          style: form
          explode: false
        - name: event_types
          in: query
          schema:
            type: array
            items: { type: string }
          style: form
          explode: false
        - name: event_target_ids
          in: query
          schema:
            type: array
            items: { type: integer }
          style: form
          explode: false
        - name: event_target_types
          in: query
          schema:
            type: array
            items: { type: string }
          style: form
          explode: false
        - name: request_ids
          in: query
          schema:
            type: array
            items: { type: string }
          style: form
          explode: false
        - name: request_types
          in: query
          schema:
            type: array
            items: { type: string, enum: [API, UI, JobBoard, Webhook] }
          style: form
          explode: false
        - name: paging
          in: query
          description: Opaque pagination cursor returned by a previous response.
          schema: { type: string }
      responses:
        '200':
          description: Audit events.
          content:
            application/json:
              schema:
                type: object
                properties:
                  events:
                    type: array
                    items: { $ref: '#/components/schemas/AuditEvent' }
                  paging:
                    type: object
                    properties:
                      next: { type: string, nullable: true }
        '429':
          description: Rate limit exceeded.

components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    HarvestBasic:
      type: http
      scheme: basic

  schemas:
    AuditEvent:
      type: object
      properties:
        id: { type: string }
        event_type: { type: string }
        occurred_at: { type: string, format: date-time }
        performer:
          type: object
          properties:
            id: { type: integer }
            type: { type: string }
            ip_address: { type: string }
            email: { type: string, format: email, nullable: true }
        event_target:
          type: object
          properties:
            id: { type: integer }
            type: { type: string }
        request:
          type: object
          properties:
            id: { type: string }
            type: { type: string }
            method: { type: string }
            path: { type: string }
            user_agent: { type: string }
        changes:
          type: array
          items:
            type: object
            properties:
              field: { type: string }
              old_value: {}
              new_value: {}