Programmatic access to "API Access Audit" data via GraphQL

I’m implementing some security monitoring for our Buildkite organization. The data in the API Access Audit page is very valuable, but I cannot retrieve similar information via the GraphQL (or REST) API in a way that lets me build automated alerts.

I can work around aspects of this by searching for USER_API_ACCESS_TOKEN_ORGANIZATION_ACCESS_ADDED events in the audit log, but this is still missing some data. In particular the last used timestamp and IP address information for each token would be very valuable.

Hey Matt,

The USER_API_ACCESS_TOKEN_ORGANIZATION_ACCESS_ADDED event is generated at the time the token is added, The audit events are immutable so we won’t be able to use it to retrieve the last used timestamp and IP address.

However, we’ve taken onboard the feedback around accessing the API Access Audit page via the GraphQL API.