Skip to main content
GET
/
audit-logs
List audit log events
curl --request GET \
  --url https://api.altostrat.io/audit-logs \
  --header 'Authorization: Bearer <token>'
{
  "data": [
    {
      "log_id": "log_2zqrA8B3C4d5E6f7g8h9I0jKlMn",
      "organization_id": "org_xWl6uERh4pBpJxhA",
      "workspace_id": "ws_sz4e50hmqKgjxwiYsK",
      "user_id": "auth0|9b6efd7459f548c8bb542fe81568791f",
      "name": "Jane Doe",
      "email": "jane.doe@altostrat.io",
      "session_id": "sess_a1b2c3d4e5f6a7b8",
      "event_time": "2025-10-29T12:26:01.123Z",
      "method": "PUT",
      "endpoint": "/api/v1/projects/proj_A7Bkj29s/settings",
      "status_code": 200,
      "status_code_type": "2xx",
      "ip_address": "188.45.21.109",
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36",
      "frontend_page": "/projects/proj_A7Bkj29s/settings/general",
      "request_payload": {
        "name": "My Awesome Updated Project",
        "visibility": "private"
      },
      "response_payload": {
        "status": "success",
        "message": "Project settings updated successfully."
      },
      "request_id": "req_abc123xyz789-test-01",
      "ttl": 1766862361
    }
  ],
  "pagination": {
    "count": 25,
    "limit": 25,
    "cursor": "eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19",
    "has_more": true
  },
  "filters": {
    "start_date": "2025-10-01",
    "http_verb": "PUT",
    "limit": 25
  },
  "query_info": {
    "scanned_count": 150,
    "query_time_seconds": 0.082
  },
  "warnings": [
    "Results may be incomplete when using search_term due to query limitations. Use more specific, indexed filters for comprehensive results."
  ],
  "context": {
    "requesting_user_id": "auth0|5a4b3c2d1e0f9g8h7i6j5k4l",
    "requesting_workspace_id": "ws_abc123def456ghi789",
    "organization_id": "org_xWl6uERh4pBpJxhA",
    "timestamp": "2025-10-29T14:05:12.345Z"
  }
}

Authorizations

โ€‹
Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

โ€‹
start_date
string<date>

The start date for the query range, inclusive. Format: YYYY-MM-DD.

Example:

"2025-10-01"

โ€‹
end_date
string<date>

The end date for the query range, inclusive. Must be on or after start_date. Format: YYYY-MM-DD.

Example:

"2025-10-31"

โ€‹
user_id
string

Filter events to a specific user by their unique identifier.

Example:

"auth0|9b6efd7459f548c8bb542fe81568791f"

โ€‹
workspace_id
string

Filter events to a specific workspace by its unique identifier.

Example:

"ws_sz4e50hmqKgjxwiYsK"

โ€‹
http_verb
string

Filter by HTTP method (e.g., POST, DELETE). To exclude a method, prefix it with an exclamation mark (e.g., !GET).

Example:

"POST"

โ€‹
status_code
integer

Filter by a specific HTTP status code.

Required range: 100 <= x <= 599
Example:

404

โ€‹
endpoint
string

Filter by the API endpoint path. This is a prefix search (e.g., /api/v1/users will match /api/v1/users/usr_123).

Example:

"/api/v1/projects"

โ€‹
search_term
string

A free-text search term. This will search across fields like endpoint, user name, email, IP address, and request/response payloads. Note: Using search_term may be less performant than indexed filters.

Example:

"user login failed"

โ€‹
ip_address
string<ipv4>

Filter events originating from a specific IP address.

Example:

"198.51.100.14"

โ€‹
cursor
string

An opaque string that identifies the starting point for the next page of results. Get this value from the pagination.cursor field of a previous response.

Example:

"eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19"

โ€‹
limit
integer
default:25

A limit on the number of objects to be returned, between 1 and 100. The default is 25.

Required range: 1 <= x <= 100
Example:

50

โ€‹
sort_order
enum<string>
default:desc

The order in which to sort the results. desc for most recent first, asc for oldest first.

Available options:
asc,
desc
Example:

"desc"

Response

A paginated list of audit log events matching the query.

โ€‹
data
object[]
โ€‹
pagination
object
โ€‹
filters
object

The filters that were applied to this query.

Example:
{
  "start_date": "2025-10-01",
  "http_verb": "PUT",
  "limit": 25
}
โ€‹
query_info
object

Metadata about the query execution.

โ€‹
warnings
string[]

A list of warnings about the query, such as when using potentially incomplete filters.

Example:
[
  "Results may be incomplete when using search_term due to query limitations. Use more specific, indexed filters for comprehensive results."
]
โ€‹
context
object

Contextual information about the API request itself.