Audit Logs

Audit logs capture security-relevant events — sign-ins, permission changes, scope-set edits, API-key creations, and similar operations that should be reviewable for compliance and forensics.

This is distinct from System Logs, which capture operational telemetry (errors, warnings, info traces). If you need to answer "who did what when" — this is the right surface.

Scopes

Scope	Reach
`audit:read`	Listing, reading audit logs, viewing filters.
`audit:write`	Deleting audit log entries.

WARNING

Deletion exists for tenant data-retention workflows but should be considered a last resort — audit logs are the platform's tamper-resistant trail of security-sensitive actions. Many compliance regimes require they be retained for fixed periods. Confirm with your operators or compliance team before bulk-deleting.

Endpoints

List Audit Logs

GET /api/logging/audit/

Returns a page of audit-log entries.

Required scope: audit:read · also accepts API key

Query parameters — standard pagination set; see Conventions › Pagination. Defaults: sort_by=timestamp, sort_order=desc. (No hydrate flag on this resource.)

Response 200 — AuditLogInDbCursorPage

Get Audit Log Filter Metadata

GET /api/logging/audit/filters

Returns filter/operator/sort options for List Audit Logs.

Required scope: audit:read

Response 200 — open metadata object.

Get Audit Log by ID

GET /api/logging/audit/{id}

Returns a single audit-log entry.

Required scope: audit:read · also accepts API key

Path parameters

Name	Type	Required	Description
`id`	string	yes	Audit log ID.

Response 200 — AuditLogRead

Delete Audit Log by ID

DELETE /api/logging/audit/{id}

Permanently removes an audit-log entry.

Required scope: audit:write

Path parameters

Name	Type	Required	Description
`id`	string	yes	Audit log ID.

Response 204 — empty.

Audit Logs ​

Scopes ​

Endpoints ​

List Audit Logs ​

Get Audit Log Filter Metadata ​

Get Audit Log by ID ​

Delete Audit Log by ID ​

See also ​