Skip to Content
API ReferenceAudit log

Audit log API

GET /identity/organizations/:orgSlug/audit-log

Requires IdentityOrgPermission.MembersView.

For the conceptual model — what’s logged, how to use it for security and compliance — read Audit log. This page is the route reference.

Query params

ParamTypeDefaultNotes
actionstring(any)Exact match. e.g. oidcClient.created.
actorUserIdstring(any)Filter by who did it.
resourceTypestring(any)e.g. oidcClient, brand, webhook.
resourceIdstring(any)Filter to a single resource’s history.
sinceISO 8601(any)Inclusive lower bound.
untilISO 8601(any)Exclusive upper bound.
limit1–20050Page size.
offsetnumber0Skip first N matches.

Response

{ items: Array<{ id: string // 'log_…' org: string actorUserId: string | null // null for system actions action: string resourceType: string resourceId: string metadata?: Record<string, unknown> timestamp: string }> total: number // matching the filter, not just this page }

total is the count matching the filter (regardless of limit / offset), so you can build accurate pagination UIs.

Examples

Who created this app?

GET /identity/organizations/acme/audit-log ?action=oidcClient.created&resourceId=client_abc

Role changes for a user this week

GET /identity/organizations/acme/audit-log ?action=member.role.changed &resourceId=user_xyz &since=2026-05-28T00:00:00Z

All actions by a user in the last 24 hours

GET /identity/organizations/acme/audit-log ?actorUserId=user_xyz &since=2026-06-03T00:00:00Z &limit=200

Retention

Audit log entries are retained per the org’s billing tier:

TierRetention floor
Identity (free)30 days
Brand90 days
Federation1 year
Authorityunlimited

Records older than the tier limit are pruned by a daily job; deletion is permanent. For longer retention, subscribe to webhooks (which fire synchronously with the audit log writes) and ship to your own log store.

Performance

  • Index on (org, timestamp) so date-range queries are fast.
  • Index on (org, actorUserId, timestamp) so actor history queries are fast.
  • Other filter combinations may scan. For high-cardinality queries, consider exporting to your own analytics store via webhooks.

Rate limits

EndpointLimit
GET /audit-log60/min/org

The default limit=50 is plenty for most product UIs. Higher limits are available but counted against the rate budget.

Last updated on