Compliance API

The Compliance API gives Claude Enterprise customers programmatic access to their organization's Activity Feed, the directory of users, roles, and groups across every linked organization, and, for claude.ai organizations, the underlying chats, files, and projects. Security, legal, and compliance teams use it to audit activity, retrieve or delete content, and feed events into downstream tooling.

The following call returns the most recent activity event in your organization. Any key with the read:compliance_activities scope can make it. To create a key and grant it that scope, see Get access to the Compliance API.

curl --fail-with-body -sS \
  "https://api.anthropic.com/v1/compliance/activities?limit=1" \
  --header "x-api-key: $ANTHROPIC_COMPLIANCE_ACCESS_KEY"

A successful response returns a JSON object containing data (an array of Activity records), has_more, first_id, and last_id:

{
  "data": [
    {
      "id": "activity_01XyDMpzjS89pFZXqSFUBDr6",
      "created_at": "2026-04-10T08:09:10Z",
      "organization_id": "org_01Wv6QeBcDfGhJkLmNpQrSt8",
      "organization_uuid": "abcdef01-2345-6789-abcd-ef0123456789",
      "actor": {
        "type": "user_actor",
        "email_address": "[email protected]",
        "user_id": "user_01TuVwXyZaBcDeFgH2JkLmN4",
        "ip_address": "192.0.2.34",
        "user_agent": "Mozilla/5.0..."
      },
      "type": "claude_chat_created",
      "claude_chat_id": "claude_chat_01XyDMpzjS89pFZXqSFUBDr6",
      "claude_project_id": "claude_proj_01KGp4eZNug9ri4kE35RSppq"
    }
  ],
  "has_more": true,
  "first_id": "activity_01XyDMpzjS89pFZXqSFUBDr6",
  "last_id": "activity_01XyDMpzjS89pFZXqSFUBDr6"
}

Two key types can carry the read:compliance_activities scope; they differ in where you create them and which endpoints they unlock. For the full provisioning flow, scopes, and key prefixes, see Get access to the Compliance API.

How the Compliance API works

Every endpoint lives under /v1/compliance/* on https://api.anthropic.com and authenticates through the x-api-key header. The Activity Feed (GET /v1/compliance/activities) is the shared endpoint available to any key that carries the read:compliance_activities scope; see Query the Activity Feed for filters, pagination, and the full Activity object. The remaining endpoints require a Compliance Access Key carrying the relevant scope. The directory endpoints (organizations, users, roles, and groups) return data from every linked organization under the parent, including Claude Console-linked organizations; the content endpoints (chats, files, projects, and project attachments) serve claude.ai data only. To provision a key, see Get access to the Compliance API.

Compliance API versus related features

Two adjacent features overlap with the Compliance API; here is how to choose.

Export audit logs

The audit log export is a separate feature in claude.ai > Organization settings > Data and privacy that lets owners and primary owners download a CSV of organization events. It's significantly narrower than the Compliance API: a capped lookback window, CSV download only, and no access to chat, file, or project content. Standardize on the Compliance API for ongoing programmatic use.

Analytics API

Anthropic provides two analytics APIs: the Claude Enterprise Analytics API and the Claude Code Analytics API. Both return aggregated usage and cost figures for IT, FinOps, and platform teams, while the Compliance API returns per-event records for security, legal, and compliance teams. The two API families answer different questions, use different keys, and are provisioned separately.

In this section