`GET /api/v1/audit` — query the audit log. Available to any authenticated operator.
GET
/api/v1/audit
const url = 'https://example.com/api/v1/audit';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/api/v1/auditParameters
Section titled “ Parameters ”Query Parameters
Section titled “Query Parameters ” agent
string
Filter by agent node ID or operator-assigned name.
operator
string
Filter by operator ID or username.
event_type
string
Filter by exact dotted event type.
category
string
Filter by event type prefix (e.g. agent).
after
string
Earliest timestamp to include, RFC 3339 / ISO 8601.
before
string
Latest timestamp to include (exclusive), RFC 3339 / ISO 8601.
cursor
string
Pagination cursor (a ULID — the last event ID from the previous page).
limit
integer
Maximum events per page (default 50, max 500).
Responses
Section titled “ Responses ”Audit log page
Media type application/json
Response body for GET /api/v1/audit.
object
events
required
Array<object>
One event in the response body of GET /api/v1/audit.
object
actor
required
Actor or target representation in audit responses.
object
id
required
string
name
required
string
type
required
string
event_type
required
string
id
required
string
metadata
required
object
severity
required
string
summary
required
string
target
required
Actor or target representation in audit responses.
object
id
required
string
name
required
string
type
required
string
timestamp
required
string
has_more
required
boolean
next_cursor
string | null
Example generated
{ "events": [ { "actor": { "id": "example", "name": "example", "type": "example" }, "event_type": "example", "id": "example", "metadata": {}, "severity": "example", "summary": "example", "target": { "id": "example", "name": "example", "type": "example" }, "timestamp": "example" } ], "has_more": true, "next_cursor": "example"}Invalid filter or cursor