> ## Documentation Index > Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # List audit log events > Retrieve a list of audit log events for your organization. This endpoint supports powerful filtering and pagination to help you find specific events for security, compliance, or debugging purposes. Results are returned in reverse chronological order (most recent first) by default. ## OpenAPI ````yaml /api/en/audit-logs.yaml get /audit-logs openapi: 3.0.3 info: title: Altostrat Audit Logs API version: 1.0.0 description: >- The Altostrat Audit Logs API is the microservice responsible for capturing, storing, and querying user and system activity across the platform. It provides a comprehensive, immutable record of all actions, serving as a critical tool for security audits, compliance checks, and troubleshooting within the Altostrat SDX platform for MikroTik networks. This API allows you to programmatically manage: - **Audit Log Events:** The individual records of an action, detailing who did what, when, and from where. - **Filtering & Searching:** The powerful query capabilities to retrieve specific logs based on various criteria like user, date, or action type. Developers use this API to integrate detailed activity tracking into their applications and to build security dashboards, compliance reports, and automated alerting systems. servers: - url: https://v1.api.altostrat.io security: - bearerAuth: [] tags: - name: Audit Logs description: Retrieve and search for audit log events within your organization. paths: /audit-logs: get: tags: - Audit Logs summary: List audit log events description: >- Retrieve a list of audit log events for your organization. This endpoint supports powerful filtering and pagination to help you find specific events for security, compliance, or debugging purposes. Results are returned in reverse chronological order (most recent first) by default. operationId: listAuditLogs parameters: - name: start_date in: query description: 'The start date for the query range, inclusive. Format: YYYY-MM-DD.' required: false schema: type: string format: date example: '2025-10-01' - name: end_date in: query description: >- The end date for the query range, inclusive. Must be on or after `start_date`. Format: YYYY-MM-DD. required: false schema: type: string format: date example: '2025-10-31' - name: user_id in: query description: Filter events to a specific user by their unique identifier. required: false schema: type: string example: auth0|9b6efd7459f548c8bb542fe81568791f - name: workspace_id in: query description: Filter events to a specific workspace by its unique identifier. required: false schema: type: string example: ws_sz4e50hmqKgjxwiYsK - name: http_verb in: query description: >- Filter by HTTP method (e.g., `POST`, `DELETE`). To exclude a method, prefix it with an exclamation mark (e.g., `!GET`). required: false schema: type: string example: POST - name: status_code in: query description: Filter by a specific HTTP status code. required: false schema: type: integer minimum: 100 maximum: 599 example: 404 - name: endpoint in: query description: >- Filter by the API endpoint path. This is a prefix search (e.g., `/api/v1/users` will match `/api/v1/users/usr_123`). required: false schema: type: string example: /api/v1/projects - name: search_term in: query description: >- A free-text search term. This will search across fields like endpoint, user name, email, IP address, and request/response payloads. Note: Using `search_term` may be less performant than indexed filters. required: false schema: type: string example: user login failed - name: ip_address in: query description: Filter events originating from a specific IP address. required: false schema: type: string format: ipv4 example: 198.51.100.14 - name: cursor in: query description: >- An opaque string that identifies the starting point for the next page of results. Get this value from the `pagination.cursor` field of a previous response. required: false schema: type: string example: eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19 - name: limit in: query description: >- A limit on the number of objects to be returned, between 1 and 100. The default is 25. required: false schema: type: integer minimum: 1 maximum: 100 default: 25 example: 50 - name: sort_order in: query description: >- The order in which to sort the results. `desc` for most recent first, `asc` for oldest first. required: false schema: type: string enum: - asc - desc default: desc example: desc responses: '200': description: A paginated list of audit log events matching the query. content: application/json: schema: $ref: '#/components/schemas/AuditLogList' '400': description: >- Bad Request - The request was malformed or invalid. This can be due to an invalid date format, an incorrect parameter, or other validation failures. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized - Authentication credentials were missing or invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal Server Error - An unexpected error occurred on the server. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: schemas: AuditLogList: type: object properties: data: type: array items: $ref: '#/components/schemas/AuditLogEvent' pagination: type: object properties: count: type: integer description: >- The number of audit log events in the `data` array for the current page. example: 25 limit: type: integer description: The maximum number of items requested for this page. example: 25 cursor: type: string nullable: true description: >- An opaque string that points to the next page of results. If null, this is the last page. example: eyJQSyI6eyJTIjoiT1JH...In0sInNrIjp7IlMiOiJMT0cj...In19 has_more: type: boolean description: >- True if there are more audit log events available after this page. example: true filters: type: object description: The filters that were applied to this query. example: start_date: '2025-10-01' http_verb: PUT limit: 25 query_info: type: object description: Metadata about the query execution. properties: scanned_count: type: integer description: >- The number of items DynamoDB examined before applying filters. A high number relative to `pagination.count` may indicate a less efficient query. example: 150 query_time_seconds: type: number format: float description: The total time taken to process the query, in seconds. example: 0.082 warnings: type: array description: >- A list of warnings about the query, such as when using potentially incomplete filters. items: type: string example: - >- Results may be incomplete when using search_term due to query limitations. Use more specific, indexed filters for comprehensive results. context: type: object description: Contextual information about the API request itself. properties: requesting_user_id: type: string description: >- The ID of the user who made this API request to fetch audit logs. example: auth0|5a4b3c2d1e0f9g8h7i6j5k4l requesting_workspace_id: type: string description: The ID of the workspace from which this API request was made. example: ws_abc123def456ghi789 organization_id: type: string description: The organization ID for which the audit logs were queried. example: org_xWl6uERh4pBpJxhA timestamp: type: string format: date-time description: The UTC timestamp when this API response was generated. example: '2025-10-29T14:05:12.345Z' ErrorResponse: type: object properties: type: type: string description: A broad category for the error (e.g., 'invalid_request_error'). example: invalid_request_error code: type: string description: A short, unique string identifying the specific error. example: parameter_invalid message: type: string description: A human-readable description of what went wrong. example: The 'end_date' must be after or equal to the 'start_date'. doc_url: type: string description: >- A direct link to the documentation page for this specific error code. example: https://docs.altostrat.io/errors/parameter_invalid AuditLogEvent: type: object properties: log_id: type: string description: Unique identifier for the audit log event, prefixed with `log_`. example: log_2zqrA8B3C4d5E6f7g8h9I0jKlMn organization_id: type: string description: Unique identifier for the organization, prefixed with `org_`. example: org_xWl6uERh4pBpJxhA workspace_id: type: string nullable: true description: Unique identifier for the workspace, prefixed with `ws_`. example: ws_sz4e50hmqKgjxwiYsK user_id: type: string nullable: true description: Unique identifier for the user who performed the action. example: auth0|9b6efd7459f548c8bb542fe81568791f name: type: string nullable: true description: The display name of the user who performed the action. example: Jane Doe email: type: string nullable: true description: The email address of the user who performed the action. example: jane.doe@altostrat.io session_id: type: string nullable: true description: Unique identifier for the user's session. example: sess_a1b2c3d4e5f6a7b8 event_time: type: string format: date-time description: >- The Coordinated Universal Time (UTC) timestamp of when the event occurred. example: '2025-10-29T12:26:01.123Z' method: type: string description: The HTTP method used for the action. example: PUT endpoint: type: string description: The API endpoint that was called. example: /api/v1/projects/proj_A7Bkj29s/settings status_code: type: integer description: The HTTP status code of the response. example: 200 status_code_type: type: string description: >- A broad category for the status code (e.g., 2xx, 4xx) used for efficient filtering. example: 2xx ip_address: type: string format: ipv4 description: The IP address from which the request originated. example: 188.45.21.109 user_agent: type: string nullable: true description: The user agent string of the client that made the request. example: >- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 frontend_page: type: string nullable: true description: >- The path of the page in the frontend application where the action was initiated. example: /projects/proj_A7Bkj29s/settings/general request_payload: type: object nullable: true description: >- The body of the request, if any. Sensitive information may be redacted. example: name: My Awesome Updated Project visibility: private response_payload: type: object nullable: true description: >- The body of the response, if any. Sensitive information may be redacted. example: status: success message: Project settings updated successfully. request_id: type: string nullable: true description: >- A unique identifier for the request, used for idempotency and tracing. example: req_abc123xyz789-test-01 ttl: type: integer description: >- A Unix timestamp indicating when the audit log will automatically be deleted. Logs are retained for 90 days. example: 1766862361 securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT ````