Audit Log Query
This page describes how to query account-level audit logs through the API, with support for filtering by time range and operator. It is intended for troubleshooting and compliance review.
URI
GET /audit_logs
Permission and Rate Limit
The API key must have the Audit_Log_Query permission. This endpoint can be requested up to 60 times per hour per API key.
Query Parameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
auditType | String | No | — | Exact-match filter by audit type, for example PLATFORM_API_KEY_CREATED. |
operator | String | No | — | Filter by operator. Accepted values: system (system operations), owner email, subuser email, or a 16-character alphanumeric appKey. |
startTime | String | No | — | Query start time in YYYY-MM-DD HH:MM:SS format. Cannot be earlier than 90 days ago (midnight UTC). |
endTime | String | No | — | Query end time in YYYY-MM-DD HH:MM:SS format. Must not be later than the current time. |
_page | Integer | No | 1 | Page number. Minimum value: 1. |
_limit | Integer | No | 20 | Number of items per page. Minimum value: 1. |
_sort | String | No | auditTime | Sort field. |
_order | String | No | desc | Sort order. Accepted values: asc, desc. |
Time Range Limit
startTime cannot be earlier than midnight UTC 90 days ago. Requests with an earlier startTime will return 400.
Request Example
Use the API key as the username and the API secret as the password for Basic Auth.
bash
curl -u key:secret -X GET "{api}/audit_logs?startTime=2026-04-15%2016:00:00&endTime=2026-04-22%2016:00:00&operator=system&_page=1&_limit=20"Response Example
json
{
"items": [
{
"auditTime": "2026-04-30 10:30:00",
"auditType": "PLATFORM_API_KEY_CREATED",
"ip": "203.0.113.8",
"description": "Created Platform API Key: xxx.",
"userType": "api",
"appKey": "app_k_xxx",
"subuserID": null,
"userID": "user_xxx",
"operator": "app_k_xxx"
}
],
"meta": {
"page": 1,
"limit": 20,
"count": 37
}
}Response Fields
| Field | Type | Description |
|---|---|---|
auditTime | String | Time of the audit event in YYYY-MM-DD HH:MM:SS format. |
auditType | String | Audit event type. |
ip | String | IP address of the operation source. |
description | String | Description of the operation. |
userType | String | Operator type. Enum: system, user (owner), subuser, api (API key). |
appKey | String | The API key used for the operation. Only present when userType is api. |
subuserID | String | Subuser ID. Only present when userType is subuser; otherwise null. |
userID | String | Account ID. |
operator | String | Resolved display value of the operator: owner email, subuser email, system, or appKey. |
Error Responses
| HTTP Status | Description |
|---|---|
400 | Invalid parameters, for example an invalid time format or a range over 90 days. |
401 | Unauthorized. The API key is missing or invalid. |
403 | Forbidden. The API key does not have the Audit_Log_Query permission. |
429 | Too many requests. Exceeded the rate limit of 60 requests per hour per API key. |