> ## Documentation Index > Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt > Use this file to discover all available pages before exploring further. # List directory logs ## OpenAPI ````yaml /api-reference/openapi.json get /api/v2/workspaces/{workspaceId}/investigation/users/directory-logs openapi: 3.1.1 info: title: ContraForce API description: ContraForce platform API for security operations management. version: '2.0' servers: [] security: [] tags: - name: Incidents - name: Gamebooks - name: Data sources - name: Service tickets - name: Investigation - name: Cross-workspace incidents - name: Cross-workspace gamebooks - name: Cross-workspace data sources - name: Webhooks - name: Service accounts - name: Users - name: Azure resources paths: /api/v2/workspaces/{workspaceId}/investigation/users/directory-logs: get: tags: - Investigation summary: List directory logs operationId: v2-list-directory-logs parameters: - name: workspaceId in: path required: true schema: type: string format: uuid - name: UserId in: query schema: type: string - name: TimeFilteringType in: query required: true schema: $ref: '#/components/schemas/TimeFilteringType' - name: StartDate in: query schema: type: string format: date-time - name: EndDate in: query schema: type: string format: date-time - name: NextPageLink in: query schema: type: string - name: EntityName in: query schema: type: string - name: ResourceId in: query schema: type: string - name: ResourceName in: query schema: type: string responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/ApiResponseOfAuditLogsResultDto' '400': description: Bad request — validation or parameter binding failed. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '401': description: Unauthorized — missing or invalid Bearer token. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '403': description: Forbidden — insufficient scope or workspace access. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '404': description: Not found — workspace or resource is missing. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '500': description: Internal server error. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' components: schemas: TimeFilteringType: enum: - ThreeHours - SixHours - TwelveHours - TwentyFourHours - FourtyEightHours - Custom - null ApiResponseOfAuditLogsResultDto: type: object properties: data: $ref: '#/components/schemas/AuditLogsResultDto' meta: $ref: '#/components/schemas/ResponseMeta' description: Standard v2 API response envelope for single-item responses. ApiProblemDetails: type: object properties: type: type: - 'null' - string title: type: - 'null' - string status: pattern: ^-?(?:0|[1-9]\d*)$ type: - 'null' - integer - string format: int32 detail: type: - 'null' - string instance: type: - 'null' - string code: type: - 'null' - string requestId: type: - 'null' - string timestamp: type: - 'null' - string target: type: - 'null' - string errors: type: - 'null' - object additionalProperties: type: array items: type: string description: "API extension of ProblemDetails that surfaces the stable error code,\r\ntrace identifier, timestamp, optional target, and optional field-keyed validation\r\nerror map alongside the RFC 7807 members." AuditLogsResultDto: type: object properties: items: type: - 'null' - array items: $ref: '#/components/schemas/AuditLogItemDto' description: The user audit log items. nextPageLink: type: - 'null' - string description: The link to load the next page of user audit logs. message: type: - 'null' - string description: "A consumer-neutral message describing why data could not be retrieved.\r\nPresent when bool AuditLogsResultDto.CanRetrieveData is `false`." canRetrieveData: type: boolean description: "Indicates whether the handler was able to retrieve the requested data.\r\nWhen `false`, callers should check string AuditLogsResultDto.Message for the reason\r\nand avoid retrying the same request without addressing the underlying cause." ResponseMeta: type: object properties: requestId: type: - 'null' - string timestamp: type: - 'null' - string AuditLogItemDto: type: object properties: date: type: string format: date-time service: type: - 'null' - string activity: type: - 'null' - string category: type: - 'null' - string status: type: - 'null' - string statusReason: type: - 'null' - string targetResources: type: - 'null' - array items: type: string targets: type: - 'null' - string actor: type: - 'null' - string ````