Compliance API

Programmatic access to your organization's Claude activity, chats, files, projects, and users for compliance, audit, and governance.

The Compliance API gives Claude Enterprise customers programmatic access to their organization's Activity Feed, the directory of users, roles, and groups across every linked organization, and, for claude.ai organizations, the underlying chats, files, and projects. Security, legal, and compliance teams use it to audit activity, retrieve or delete content, and feed events into downstream tooling.

The following call returns the most recent activity event in your organization. Any key with the read:compliance_activities scope can make it. To create a key and grant it that scope, see Get access to the Compliance API.

curl --fail-with-body -sS \
  "https://api.anthropic.com/v1/compliance/activities?limit=1" \
  --header "x-api-key: $ANTHROPIC_COMPLIANCE_ACCESS_KEY"

A successful response returns a JSON object containing data (an array of Activity records), has_more, first_id, and last_id:

{
  "data": [
    {
      "id": "activity_01XyDMpzjS89pFZXqSFUBDr6",
      "created_at": "2026-04-10T08:09:10Z",
      "organization_id": "org_01Wv6QeBcDfGhJkLmNpQrSt8",
      "organization_uuid": "abcdef01-2345-6789-abcd-ef0123456789",
      "actor": {
        "type": "user_actor",
        "email_address": "user@example.com",
        "user_id": "user_01TuVwXyZaBcDeFgH2JkLmN4",
        "ip_address": "192.0.2.34",
        "user_agent": "Mozilla/5.0..."
      },
      "type": "claude_chat_created",
      "claude_chat_id": "claude_chat_01XyDMpzjS89pFZXqSFUBDr6",
      "claude_project_id": "claude_proj_01KGp4eZNug9ri4kE35RSppq"
    }
  ],
  "has_more": true,
  "first_id": "activity_01XyDMpzjS89pFZXqSFUBDr6",
  "last_id": "activity_01XyDMpzjS89pFZXqSFUBDr6"
}

How the Compliance API works

Every endpoint lives under /v1/compliance/* on https://api.anthropic.com and authenticates through the x-api-key header. To provision a key, see Get access to the Compliance API.

The Activity Feed (GET /v1/compliance/activities) is available to any key that carries the read:compliance_activities scope; see Query the Activity Feed for filters, pagination, and the full Activity object. The remaining endpoints require a Compliance Access Key carrying the relevant scope.

A Claude Enterprise tenant has one parent organization (the top-level container that centralizes identity) with linked organizations of two kinds: claude.ai organizations, where users chat and store content, and Claude Console organizations, where users manage Claude API workloads. The directory endpoints (organizations, users, roles, and groups) return data from every linked organization of either kind. The content endpoints (chats, files, projects, and project attachments) serve claude.ai data only.

All /v1/compliance/* endpoints share a single rate limit of 600 requests per minute per parent organization; see 429 Too Many Requests for the response headers and retry contract.

Compliance API versus related features

Two adjacent features overlap with the Compliance API; here is how to choose.

Export audit logs

The audit log export is a separate feature in claude.ai > Organization settings > Data and privacy that lets owners and primary owners download a CSV of organization events. It's significantly narrower than the Compliance API: a capped lookback window, CSV download only, and no access to chat, file, or project content. Standardize on the Compliance API for ongoing programmatic use.

Analytics API

Anthropic provides two analytics APIs: the Claude Enterprise Analytics API and the Claude Code Analytics API. Both return aggregated usage and cost figures for IT, FinOps, and platform teams, whereas the Compliance API returns per-event records for security, legal, and compliance teams. The two API families answer different questions, use different keys, and are provisioned separately.

In this section