Appearance
Activity log API
The activity log is a read-only record of changes made to your account: who did what, from where, and when. It is the trail behind the Activity log page in the console.
Every request needs a bearer token and the audit:read permission.
List activity
http
GET /api/audit-logs?page=1&limit=20Paginated. Returns the standard { data, total, page, limit, totalPages } envelope, where each entry looks like:
json
{
"id": "...",
"actorType": "user",
"username": "alice",
"method": "POST",
"path": "/api/pods",
"status": 201,
"ip": "203.0.113.7",
"createdAt": "2026-07-16T14:02:11Z"
}| Field | Meaning |
|---|---|
actorType | Who acted: user (a person's session), apikey (an API key), or system (an automated account action) |
username | The account user behind the change |
method | HTTP method of the change |
path | What was changed |
status | HTTP status the change returned |
ip | Where the request came from |
createdAt | When it happened |
There is no search filter on this endpoint - page through and filter on your side. Entries are kept for 90 days, then age out.
What gets recorded
Only successful changes - creating, updating, or deleting something. Read-only requests (just looking) are not logged, and neither are failed attempts. We record what was touched, never the contents: request bodies are not stored, so no passwords, keys, or payloads end up in the log.