Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.fireflies.ai/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The auditEvents query retrieves audit events for your team. Events follow the OCSF v1.5.0 standard and cover meeting operations, team operations, user settings changes, and authentication (login/logout) events.
This query requires an Enterprise plan and the requesting user must be a team admin. See pricing for more details.

Supported Events

ActionCategoryDescription
MEETING_DELETEDMeeting OperationsA meeting was deleted
MEETING_PRIVACY_UPDATEDMeeting OperationsMeeting privacy setting was changed
MEETING_VIEWEDMeeting OperationsA meeting summary was viewed
MEETING_SHAREDMeeting OperationsA meeting was shared with someone
MEETING_DOWNLOADEDMeeting OperationsA meeting transcript or recording was downloaded
TEAMMATE_ADDEDTeam OperationsA teammate was added to the team
TEAMMATE_REMOVEDTeam OperationsA teammate was removed from the team
SETTINGS_UPDATEDUser OperationsTeam settings were updated
LOGINAuthenticationA user logged in
LOGOUTAuthenticationA user logged out

Arguments

limit
Int
default:"20"
Maximum number of events to return. Must be between 1 and 50.
cursor
String
Pagination cursor for fetching the next page of results. Use the next_cursor value from a previous response.
filters
AuditEventFiltersInput
required
Filters for the query. The category field is required.

Response Fields

events
[AuditEvent]
List of audit events matching the query.
has_more
Boolean
Indicates if there are more results available.
next_cursor
String
Cursor to use for fetching the next page of results.

Usage Example

query AuditEvents($limit: Int, $filters: AuditEventFiltersInput!) {
  auditEvents(limit: $limit, filters: $filters) {
    events {
      id
      time
      category
      action
      severity
      status
      message
      actor {
        user_id
        email
        full_name
        ip_address
      }
      resource {
        type
        id
      }
      metadata
    }
    has_more
    next_cursor
  }
}

curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer your_api_key" \
    --data '{ "query": "query { auditEvents(limit: 10, filters: { category: MEETING_OPERATIONS }) { events { id time action actor { user_id } resource { type id } } has_more next_cursor } }" }' \
    https://api.fireflies.ai/graphql

{
  "data": {
    "auditEvents": {
      "events": [
        {
          "id": "682e3a1b-f4c2-4d9a-b1e7-8c5d3f2a1b0c",
          "time": "2026-04-25T10:30:00.000Z",
          "category": "MEETING_OPERATIONS",
          "action": "MEETING_SHARED",
          "severity": "informational",
          "status": "success",
          "message": "share_meeting by alice@example.com",
          "actor": {
            "user_id": "user_abc123",
            "email": "alice@example.com",
            "full_name": "Alice Johnson",
            "ip_address": "192.168.1.1"
          },
          "resource": {
            "type": "meeting",
            "id": "01K8DV541XM97WMGRCX66TPSWG"
          },
          "metadata": "{\"shareType\":\"email\",\"inviteeCount\":\"2\"}"
        },
        {
          "id": "7a1c4d5e-2b3f-4a8c-9d0e-1f2a3b4c5d6e",
          "time": "2026-04-25T09:15:00.000Z",
          "category": "MEETING_OPERATIONS",
          "action": "MEETING_DELETED",
          "severity": "informational",
          "status": "success",
          "message": "delete_meeting by bob@example.com",
          "actor": {
            "user_id": "user_def456",
            "email": "bob@example.com",
            "full_name": "Bob Smith",
            "ip_address": null
          },
          "resource": {
            "type": "meeting",
            "id": "01L2XY789ABC"
          },
          "metadata": null
        }
      ],
      "has_more": true,
      "next_cursor": "eyJpZCI6IjdhMWM0ZDVlIn0="
    }
  }
}

Pagination

Use cursor-based pagination to fetch additional results: 
query {
  auditEvents(limit: 20, cursor: "eyJpZCI6IjdhMWM0ZDVlIn0=", filters: { category: MEETING_OPERATIONS }) {
    events {
      id
      time
      action
    }
    has_more
    next_cursor
  }
}

OCSF Compliance

All events conform to the OCSF v1.5.0 standard. The class_uid, activity_id, and type_uid fields map directly to OCSF event classification, enabling integration with SIEM tools and compliance pipelines.
ActionOCSF Classclass_uidactivity_id
MEETING_DELETEDAPI Activity60034
MEETING_PRIVACY_UPDATEDEntity Management30043
MEETING_VIEWEDWeb Resource Activity60012
MEETING_SHAREDUser Access Management30051
MEETING_DOWNLOADEDWeb Resource Activity60017
TEAMMATE_ADDEDUser Access Management30051
TEAMMATE_REMOVEDUser Access Management30052
SETTINGS_UPDATEDEntity Management30043
LOGINAuthentication30021
LOGOUTAuthentication30022

Error Codes

List of possible error codes that may be returned by the auditEvents query. Full list of error codes can be found here.

You need to be a team admin to query audit events.

The audit service is temporarily unavailable. Please try again later.

Additional Resources

Transcripts

Querying list of transcripts

Rule Executions

Querying automation rule executions