Audit log API
GET /identity/organizations/:orgSlug/audit-log
Requires IdentityOrgPermission.MembersView.
For the conceptual model — what’s logged, how to use it for security and compliance — read Audit log. This page is the route reference.
Query params
| Param | Type | Default | Notes |
|---|---|---|---|
action | string | (any) | Exact match. e.g. oidcClient.created. |
actorUserId | string | (any) | Filter by who did it. |
resourceType | string | (any) | e.g. oidcClient, brand, webhook. |
resourceId | string | (any) | Filter to a single resource’s history. |
since | ISO 8601 | (any) | Inclusive lower bound. |
until | ISO 8601 | (any) | Exclusive upper bound. |
limit | 1–200 | 50 | Page size. |
offset | number | 0 | Skip first N matches. |
Response
{
items: Array<{
id: string // 'log_…'
org: string
actorUserId: string | null // null for system actions
action: string
resourceType: string
resourceId: string
metadata?: Record<string, unknown>
timestamp: string
}>
total: number // matching the filter, not just this page
}total is the count matching the filter (regardless of limit /
offset), so you can build accurate pagination UIs.
Examples
Who created this app?
GET /identity/organizations/acme/audit-log
?action=oidcClient.created&resourceId=client_abcRole changes for a user this week
GET /identity/organizations/acme/audit-log
?action=member.role.changed
&resourceId=user_xyz
&since=2026-05-28T00:00:00ZAll actions by a user in the last 24 hours
GET /identity/organizations/acme/audit-log
?actorUserId=user_xyz
&since=2026-06-03T00:00:00Z
&limit=200Retention
Audit log entries are retained per the org’s billing tier:
| Tier | Retention floor |
|---|---|
| Identity (free) | 30 days |
| Brand | 90 days |
| Federation | 1 year |
| Authority | unlimited |
Records older than the tier limit are pruned by a daily job; deletion is permanent. For longer retention, subscribe to webhooks (which fire synchronously with the audit log writes) and ship to your own log store.
Performance
- Index on
(org, timestamp)so date-range queries are fast. - Index on
(org, actorUserId, timestamp)so actor history queries are fast. - Other filter combinations may scan. For high-cardinality queries, consider exporting to your own analytics store via webhooks.
Rate limits
| Endpoint | Limit |
|---|---|
GET /audit-log | 60/min/org |
The default limit=50 is plenty for most product UIs. Higher limits
are available but counted against the rate budget.
Last updated on