Audit Logs
Track all activity in your organization for security and compliance.
What's Logged
Every API call and user action is recorded:
- Who: User ID or API key
- What: Action performed
- When: Timestamp (UTC)
- Where: IP address, user agent
- Result: Success or failure
Viewing Logs
Dashboard
Go to Settings > Security > Audit Logs
API
```python
logs = client.audit.list(
    start_date="2026-01-01",
    end_date="2026-01-31",
    action="document.deleted",
    limit=100
)
```
Log Entry Format
```json
{
  "id": "log_abc123",
  "timestamp": "2026-01-20T10:30:00Z",
  "actor": {
    "type": "user",
    "id": "user_xyz",
    "email": "user@example.com"
  },
  "action": "document.deleted",
  "resource": {
    "type": "document",
    "id": "doc_123",
    "name": "Q4 Report"
  },
  "result": "success",
  "metadata": {
    "ip_address": "192.168.1.1",
    "user_agent": "Mozilla/5.0..."
  }
}
```
Event Types
| Category | Events |
|---|---|
| Documents | created, updated, deleted, viewed |
| Search | executed, exported |
| Users | invited, updated, removed |
| Settings | updated |
| API Keys | created, revoked, used |
Log Retention
| Plan | Retention |
|---|---|
| Free | 7 days |
| Pro | 90 days |
| Enterprise | Custom (up to unlimited) |
Exporting Logs
Export to your SIEM:
```python
client.audit.export({
    "format": "json",
    "destination": "s3://your-bucket/audit-logs/"
})
```
Alerts
Set up alerts for specific events:
```python
client.alerts.create({
    "name": "Document Deletion Alert",
    "condition": "action == 'document.deleted'",
    "notify": ["security@yourcompany.com"]
})
```
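The alert above fires on every deletion. The following added example (not part of the product's SDK or this page's original code) shows a detection you could run over exported entries instead: it flags actors whose successful `document.deleted` events cluster inside a short window. It assumes the export is one JSON entry per line in the log entry format shown earlier; the function name, threshold, window and sample entries are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

def _entry(n, ts, actor, result="success"):
    # Constructed sample entry using the field names from the log entry format.
    return json.dumps({"id": f"log_{n}", "timestamp": ts, "action": "document.deleted",
                       "actor": {"type": "user", "id": actor},
                       "resource": {"type": "document", "id": f"doc_{n}"},
                       "result": result, "metadata": {"ip_address": "192.0.2.10"}})

# Constructed export, assumed to be one JSON entry per line.
SAMPLE_LINES = [
    _entry(1, "2026-01-20T10:30:00Z", "user_xyz"),
    _entry(2, "2026-01-20T10:31:00Z", "user_xyz"),
    _entry(3, "2026-01-20T10:32:30Z", "user_xyz"),
    _entry(4, "2026-01-20T10:33:00Z", "user_xyz"),
    _entry(5, "2026-01-20T09:00:00Z", "user_abc"),
    _entry(6, "2026-01-20T11:00:00Z", "user_abc"),
    _entry(7, "2026-01-20T13:00:00Z", "user_abc"),
    _entry(8, "2026-01-20T14:00:00Z", "user_def", result="failure"),
    _entry(9, "2026-01-20T14:00:10Z", "user_def", result="failure"),
    _entry(10, "2026-01-20T14:00:20Z", "user_def", result="failure"),
    '{"id": "log_11", "timestamp": "not-a-date"',  # truncated line
]

def deletion_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return ({actor_id: peak deletions inside any window}, skipped_line_count)."""
    per_actor, skipped = defaultdict(list), 0
    for line in lines:
        try:
            e = json.loads(line)
            if e["action"] == "document.deleted" and e["result"] == "success":
                ts = datetime.strptime(e["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
                per_actor[e["actor"]["id"]].append(ts)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed entries are counted, not silently dropped
    flagged = {}
    for actor, times in per_actor.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[actor] = peak
    return flagged, skipped

if __name__ == "__main__":
    print(deletion_bursts(SAMPLE_LINES))
```

A non-zero skipped count is itself worth reviewing, since gaps or truncated lines in an audit export can hide the events you are looking for.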