Retrieving audit logs in Zoho CRM is straightforward via a single GET endpoint that returns a paginated history of account activity. Here is what you need to know to call it correctly.
Why this matters
Audit logs give administrators visibility into who changed what and when inside a Zoho CRM organisation. You would need this when investigating unexpected data changes, preparing for a compliance review, or simply keeping a record of user activity over time. Without programmatic access to these logs, tracking down the source of a data issue can be time-consuming and error-prone.
Step-by-step
Step 1. Ensure you have a valid OAuth 2.0 access token for your Zoho CRM organisation. The token is obtained by completing the standard Zoho OAuth flow, which returns an accesstoken alongside an expiresin value (typically 3600 seconds). Store the expiry timestamp so you can refresh before making the audit log request. [3]
Step 2. Make a GET request to the /settings/auditlog endpoint. This is the dedicated operation — labelled internally as getaudit_log — that sits under the Backup & History category of the Zoho CRM settings API. [1]
GET /settings/audit_logStep 3. Pass any required query parameters using the p dictionary (or equivalent query string in your HTTP client). The endpoint accepts a p parameter object, so you can include pagination or filter options as key-value pairs within that structure. [1]
A minimal Python call looks like this:
# Assuming `client` is your authenticated Zoho CRM API client
response = client.request("GET", "/settings/audit_log", {})To paginate or filter, populate the parameter dictionary before passing it:
params = {"page": 1, "per_page": 50}
response = client.request("GET", "/settings/audit_log", params)Step 4. Parse the JSON response. The returned payload will contain the audit entries for your organisation. Iterate over the results and store or display them as needed for your reporting or compliance workflow. [1]
Step 5. If you are building a UI on top of this, consider constructing direct deep-links back into the Zoho CRM interface so administrators can jump straight to the relevant record. The CRM URL pattern follows https://crm.zoho.{dc}/crm/tab/{Module}/{RecordId}, where dc is your data centre suffix (e.g., com, eu, in). [4]
Common pitfalls
- Expired access token. The OAuth token expires after the
expiresinwindow. If you receive an authentication error, check whethertokenexpires_athas passed and refresh the token before retrying. [3] - Wrong data centre. Zoho operates across multiple regional data centres. If your organisation is on the EU or IN data centre, the base URL must reflect that (e.g.,
zoho.eurather thanzoho.com). Sending requests to the wrong DC will result in authentication or 404 errors. [3] [4] - Empty
pparameter. Thegetauditlogfunction defaults to an empty dictionary{}when no parameters are supplied. This is valid and will return the default page of results, but if you expect filtered data and forget to pass your filters, you will silently receive unfiltered output. [1] - Insufficient permissions. Audit log access is typically restricted to administrator-level profiles within Zoho CRM. Ensure the OAuth scopes and the CRM user profile associated with your token have the necessary settings permissions before calling this endpoint. [1]
What to check
- Token validity: Confirm your
access_tokenhas not expired and that it was issued with the correct CRM settings scope before making the request. - Data centre alignment: Verify that the base URL in your API client matches the data centre where your Zoho CRM organisation is hosted. [3] [4]
- Response pagination: Check whether the response includes pagination metadata and that you are iterating through all pages if you need a complete audit history rather than just the first page. [1]
---
*Beam Help is an independent expert support resource for Zoho users — we are not official Zoho support. For platform-level issues or billing queries, please contact Zoho directly.*