Audit Log
Query immutable compliance audit log entries for your tenant.
GET /dashboard/audit
Returns paginated audit log entries for your tenant, ordered newest-first. Audit logs are immutable and tamper-evident.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
severity | string | Filter by severity: low, medium, high, critical |
actorType | string | Filter by actor: user, system, api |
flagged | boolean | true to return only flagged entries |
page | integer | Page number (default: 1, page size: 25) |
Response:
Audit log fields
| Field | Description |
|---|---|
actorType | Who triggered the event: user (dashboard user), api (API key caller), system (automated process) |
actorId | ID of the dashboard user or "system" |
action | Dot-separated event name (see table below) |
resource | Resource type affected |
resourceId | ID of the affected resource |
severity | low, medium, high, or critical |
flagged | true if the event was automatically flagged as anomalous |
metadata | Structured context specific to the event type |
Common audit actions
| Action | Severity | Description |
|---|---|---|
api_key.rotate | high | API key was rotated |
api_key.revoke | high | API key was manually revoked |
account.config_update | medium | Tenant configuration was updated |
account.update | low | Tenant name or billing email changed |
domain.pack_update | medium | Intent permissions were updated |
quota.exceeded | critical | Monthly quota limit was hit |
quota.warning | medium | Usage reached 80% of quota |
session.created | low | A new AI session was started |
intent.blocked | medium | A disabled intent was called |
auth.login | low | Dashboard login |
auth.password_reset | medium | Password reset completed |
Audit log retention defaults to 730 days (2 years). This can be adjusted in Data Retention settings. Audit logs cannot be deleted via the API — they are immutable for compliance purposes.