List audit log events

curl --request GET \
  --url https://api.altostrat.io/audit-logs \
  --header 'Authorization: Bearer <token>'

{
  "data": [
    {
      "log_id": "log_2zqrA8B3C4d5E6f7g8h9I0jKlMn",
      "organization_id": "org_xWl6uERh4pBpJxhA",
      "workspace_id": "ws_sz4e50hmqKgjxwiYsK",
      "user_id": "auth0|9b6efd7459f548c8bb542fe81568791f",
      "name": "Jane Doe",
      "email": "[email protected]",
      "session_id": "sess_a1b2c3d4e5f6a7b8",
      "event_time": "2025-10-29T12:26:01.123Z",
      "method": "PUT",
      "endpoint": "/api/v1/projects/proj_A7Bkj29s/settings",
      "status_code": 200,
      "status_code_type": "2xx",
      "ip_address": "188.45.21.109",
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36",
      "frontend_page": "/projects/proj_A7Bkj29s/settings/general",
      "request_payload": {
        "name": "My Awesome Updated Project",
        "visibility": "private"
      },
      "response_payload": {
        "status": "success",
        "message": "Project settings updated successfully."
      },
      "request_id": "req_abc123xyz789-test-01",
      "ttl": 1766862361
    }
  ],
  "pagination": {
    "count": 25,
    "limit": 25,
    "cursor": "eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19",
    "has_more": true
  },
  "filters": {
    "start_date": "2025-10-01",
    "http_verb": "PUT",
    "limit": 25
  },
  "query_info": {
    "scanned_count": 150,
    "query_time_seconds": 0.082
  },
  "warnings": [
    "Results may be incomplete when using search_term due to query limitations. Use more specific, indexed filters for comprehensive results."
  ],
  "context": {
    "requesting_user_id": "auth0|5a4b3c2d1e0f9g8h7i6j5k4l",
    "requesting_workspace_id": "ws_abc123def456ghi789",
    "organization_id": "org_xWl6uERh4pBpJxhA",
    "timestamp": "2025-10-29T14:05:12.345Z"
  }
}

GET

audit-logs

curl --request GET \
  --url https://api.altostrat.io/audit-logs \
  --header 'Authorization: Bearer <token>'

{
  "data": [
    {
      "log_id": "log_2zqrA8B3C4d5E6f7g8h9I0jKlMn",
      "organization_id": "org_xWl6uERh4pBpJxhA",
      "workspace_id": "ws_sz4e50hmqKgjxwiYsK",
      "user_id": "auth0|9b6efd7459f548c8bb542fe81568791f",
      "name": "Jane Doe",
      "email": "[email protected]",
      "session_id": "sess_a1b2c3d4e5f6a7b8",
      "event_time": "2025-10-29T12:26:01.123Z",
      "method": "PUT",
      "endpoint": "/api/v1/projects/proj_A7Bkj29s/settings",
      "status_code": 200,
      "status_code_type": "2xx",
      "ip_address": "188.45.21.109",
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36",
      "frontend_page": "/projects/proj_A7Bkj29s/settings/general",
      "request_payload": {
        "name": "My Awesome Updated Project",
        "visibility": "private"
      },
      "response_payload": {
        "status": "success",
        "message": "Project settings updated successfully."
      },
      "request_id": "req_abc123xyz789-test-01",
      "ttl": 1766862361
    }
  ],
  "pagination": {
    "count": 25,
    "limit": 25,
    "cursor": "eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19",
    "has_more": true
  },
  "filters": {
    "start_date": "2025-10-01",
    "http_verb": "PUT",
    "limit": 25
  },
  "query_info": {
    "scanned_count": 150,
    "query_time_seconds": 0.082
  },
  "warnings": [
    "Results may be incomplete when using search_term due to query limitations. Use more specific, indexed filters for comprehensive results."
  ],
  "context": {
    "requesting_user_id": "auth0|5a4b3c2d1e0f9g8h7i6j5k4l",
    "requesting_workspace_id": "ws_abc123def456ghi789",
    "organization_id": "org_xWl6uERh4pBpJxhA",
    "timestamp": "2025-10-29T14:05:12.345Z"
  }
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

start_date

string<date>

The start date for the query range, inclusive. Format: YYYY-MM-DD.

Example:

"2025-10-01"

end_date

string<date>

The end date for the query range, inclusive. Must be on or after start_date. Format: YYYY-MM-DD.

Example:

"2025-10-31"

user_id

string

Filter events to a specific user by their unique identifier.

Example:

"auth0|9b6efd7459f548c8bb542fe81568791f"

workspace_id

string

Filter events to a specific workspace by its unique identifier.

Example:

"ws_sz4e50hmqKgjxwiYsK"

http_verb

string

Filter by HTTP method (e.g., POST, DELETE). To exclude a method, prefix it with an exclamation mark (e.g., !GET).

Example:

"POST"

status_code

integer

Filter by a specific HTTP status code.

Required range: 100 <= x <= 599

Example:

404

endpoint

string

Filter by the API endpoint path. This is a prefix search (e.g., /api/v1/users will match /api/v1/users/usr_123).

Example:

"/api/v1/projects"

search_term

string

A free-text search term. This will search across fields like endpoint, user name, email, IP address, and request/response payloads. Note: Using search_term may be less performant than indexed filters.

Example:

"user login failed"

ip_address

string<ipv4>

Filter events originating from a specific IP address.

Example:

"198.51.100.14"

cursor

string

An opaque string that identifies the starting point for the next page of results. Get this value from the pagination.cursor field of a previous response.

Example:

"eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19"

limit

integer

default:25

A limit on the number of objects to be returned, between 1 and 100. The default is 25.

Required range: 1 <= x <= 100

Example:

50

sort_order

enum<string>

default:desc

The order in which to sort the results. desc for most recent first, asc for oldest first.

Available options:

asc,

desc

Example:

"desc"

Response

A paginated list of audit log events matching the query.

data

object[]

Show child attributes

data.log_id

string

Unique identifier for the audit log event, prefixed with log_.

Example:

"log_2zqrA8B3C4d5E6f7g8h9I0jKlMn"

data.organization_id

string

Unique identifier for the organization, prefixed with org_.

Example:

"org_xWl6uERh4pBpJxhA"

data.workspace_id

string | null

Unique identifier for the workspace, prefixed with ws_.

Example:

"ws_sz4e50hmqKgjxwiYsK"

data.user_id

string | null

Unique identifier for the user who performed the action.

Example:

"auth0|9b6efd7459f548c8bb542fe81568791f"

data.name

string | null

The display name of the user who performed the action.

Example:

"Jane Doe"

data.email

string | null

The email address of the user who performed the action.

Example:

"[email protected]"

data.session_id

string | null

Unique identifier for the user's session.

Example:

"sess_a1b2c3d4e5f6a7b8"

data.event_time

string<date-time>

The Coordinated Universal Time (UTC) timestamp of when the event occurred.

Example:

"2025-10-29T12:26:01.123Z"

data.method

string

The HTTP method used for the action.

Example:

"PUT"

data.endpoint

string

The API endpoint that was called.

Example:

"/api/v1/projects/proj_A7Bkj29s/settings"

data.status_code

integer

The HTTP status code of the response.

Example:

200

data.status_code_type

string

A broad category for the status code (e.g., 2xx, 4xx) used for efficient filtering.

Example:

"2xx"

data.ip_address

string<ipv4>

The IP address from which the request originated.

Example:

"188.45.21.109"

data.user_agent

string | null

The user agent string of the client that made the request.

Example:

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"

data.frontend_page

string | null

The path of the page in the frontend application where the action was initiated.

Example:

"/projects/proj_A7Bkj29s/settings/general"

data.request_payload

object

The body of the request, if any. Sensitive information may be redacted.

Example:

{
  "name": "My Awesome Updated Project",
  "visibility": "private"
}

data.response_payload

object

The body of the response, if any. Sensitive information may be redacted.

Example:

{
  "status": "success",
  "message": "Project settings updated successfully."
}

data.request_id

string | null

A unique identifier for the request, used for idempotency and tracing.

Example:

"req_abc123xyz789-test-01"

data.ttl

integer

A Unix timestamp indicating when the audit log will automatically be deleted. Logs are retained for 90 days.

Example:

1766862361

pagination

object

Show child attributes

pagination.count

integer

The number of audit log events in the data array for the current page.

Example:

25

pagination.limit

integer

The maximum number of items requested for this page.

Example:

25

pagination.cursor

string | null

An opaque string that points to the next page of results. If null, this is the last page.

Example:

"eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19"

pagination.has_more

boolean

True if there are more audit log events available after this page.

Example:

true

filters

object

The filters that were applied to this query.

Example:

{
  "start_date": "2025-10-01",
  "http_verb": "PUT",
  "limit": 25
}

query_info

object

Metadata about the query execution.

Show child attributes

query_info.scanned_count

integer

The number of items DynamoDB examined before applying filters. A high number relative to pagination.count may indicate a less efficient query.

Example:

150

query_info.query_time_seconds

number<float>

The total time taken to process the query, in seconds.

Example:

0.082

warnings

string[]

A list of warnings about the query, such as when using potentially incomplete filters.

Example:

[
  "Results may be incomplete when using search_term due to query limitations. Use more specific, indexed filters for comprehensive results."
]

context

object

Contextual information about the API request itself.

Show child attributes

context.requesting_user_id

string

The ID of the user who made this API request to fetch audit logs.

Example:

"auth0|5a4b3c2d1e0f9g8h7i6j5k4l"

context.requesting_workspace_id

string

The ID of the workspace from which this API request was made.

Example:

"ws_abc123def456ghi789"

context.organization_id

string

The organization ID for which the audit logs were queried.

Example:

"org_xWl6uERh4pBpJxhA"

context.timestamp

string<date-time>

The UTC timestamp when this API response was generated.

Example:

"2025-10-29T14:05:12.345Z"

Log Out User (Legacy)

List Sites

⌘I

Getting Started

Platform & Identity

Device Management & Orchestration

Automation & AI

Network Services & Connectivity

Security & Threat Management

Monitoring & Analytics

Core Services & Utilities

List audit log events

Authorizations

Query Parameters

Response