Skip to content

Audit Logs

Query and inspect audit log records for compliance, security review, and usage monitoring. Audit logs capture detailed information about API requests and business events within your tenant.

Base path: /api/v1/admin/audit-logs

Method Endpoint Description
GET /api/v1/admin/audit-logs List Audit Logs

List Audit Logs

GET /api/v1/admin/audit-logs

Requires Authentication - Scopes: admin:audit:read

Returns a paginated list of audit log records for the current tenant. The logs include information about the acting user, the action performed, the outcome, and technical details of the request.

Query Parameters
Parameter Type Required Default Description
page integer No 0 Page number (zero-based).
size integer No 50 Page size (max 200).
importance string No - Comma-separated levels: CRITICAL, HIGH, MEDIUM, LOW.
userId UUID No - Filter by the acting user ID.
impersonatorId UUID No - Filter by the admin user ID who performed impersonation.
action string No - Filter by specific action (e.g., transcription.upload).
outcome string No - Filter by SUCCESS or FAILURE.
from ISO 8601 No - Start of time range (inclusive).
to ISO 8601 No - End of time range (inclusive).
requestId string No - Filter by request correlation ID.
httpMethod string No - Filter by GET, POST, PUT, PATCH, DELETE.
statusCode integer No - Filter by HTTP response status code.
endpoint string No - Filter by exact endpoint path.
endpointPrefix string No - Filter by endpoint path prefix (e.g., /api/v1/admin).
sourceIp string No - Filter by client source IP address.
apiKeyId UUID No - Filter by API key identifier. 
curl -X GET "https://koldan.dixilang.com/api/v1/admin/audit-logs?importance=CRITICAL,HIGH&outcome=FAILURE" \
  -H "Authorization: Bearer $JWT"

import requests

resp = requests.get(
    "https://koldan.dixilang.com/api/v1/admin/audit-logs",
    headers={"Authorization": f"Bearer {JWT}"},
    params={
        "importance": "CRITICAL,HIGH",
        "outcome": "FAILURE"
    }
)
print(resp.json())
AuditLogListResponse
Field Type Nullable Description
items AuditLogResponse[] No Array of audit log entries.
page integer No Current page number.
size integer No Number of items per page.
totalElements long No Total number of matching records.
totalPages integer No Total number of pages.
Example AuditLogListResponse
{
  "items": [
    {
      "id": "77889900-e29b-41d4-a716-446655443322",
      "tenantId": "550e8400-e29b-41d4-a716-446655440000",
      "userId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "requestId": "a8d3c8...",
      "eventType": "api_request",
      "importance": "MEDIUM",
      "action": "transcription.get",
      "outcome": "SUCCESS",
      "httpMethod": "GET",
      "endpoint": "/api/v1/speech-services/transcriptions/f7d3c6...",
      "statusCode": 200,
      "durationMs": 145,
      "sourceIp": "192.168.1.100",
      "authMethod": "JWT",
      "impersonated": false,
      "createdAt": "2026-04-07T22:00:00Z"
    }
  ],
  "page": 0,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1
}
Status Description
200 OK Audit logs retrieved successfully.
401 Unauthorized Missing or invalid authentication.
403 Forbidden Insufficient scope.

Data Models

AuditLogResponse

Field Type Nullable Description
id UUID No Unique audit record identifier.
tenantId UUID No Tenant the event belongs to.
userId UUID No Effective user who performed the action.
requestId string No Correlation identifier for the HTTP request.
eventType string No Event classification (e.g., api_request).
importance string No Severity level: CRITICAL, HIGH, MEDIUM, LOW.
action string No Business action performed (e.g., user.delete).
outcome string No Outcome: SUCCESS or FAILURE.
httpMethod string Yes HTTP method of the request.
endpoint string Yes Request URI path.
queryParams string Yes Query string parameters.
statusCode integer Yes HTTP response status code.
durationMs long Yes Request processing time in milliseconds.
sourceIp string Yes Client IP address.
userAgent string Yes Client User-Agent header value.
authMethod string No JWT or API_KEY.
apiKeyId UUID Yes API key identifier if used.
impersonated boolean No Whether action was performed via impersonation.
impersonatorId UUID Yes Admin ID who initiated impersonation.
resourceType string Yes Type of affected resource (e.g., tenant).
resourceId string Yes Identifier of the affected resource.
createdAt ISO 8601 No Timestamp of the event.

Enumerations

AuditImportance

Value Description
CRITICAL Security-critical events or severe failures.
HIGH Significant business actions or configuration changes.
MEDIUM Standard operational actions.
LOW Read-only operations or low-impact events.

AuditOutcome

Value Description
SUCCESS The action was completed successfully.
FAILURE The action failed or was denied.