Platform API
Audit Log
Use audit log endpoints to review organization activity, including API key changes, member changes, invitation events, model access requests, and billing setting changes.
List Audit Log
GET /organizations/{org_id}/audit_log
Lists audit log entries for the organization.
Permission: api-admin
Query parameters:
| Parameter | Type | Description |
|---|---|---|
after | string | Return entries after this cursor. |
before | string | Return entries before this cursor. Cannot be used with after. |
limit | integer | Maximum entries to return. Clamped to 1 through 200. |
from | timestamp | Include entries created at or after this time. |
to | timestamp | Include entries created at or before this time. |
actor | string | Filter by principal string, such as key$/ak_... or user$/user_.... |
resource_type | string | Filter by resource type, such as org, api_key, model, or billing_account. |
resource_id | string | Filter by resource id. |
action | string | Filter by action prefix, such as api_key. or org.invite_. |
Response:
{
"data": [
{
"id": "audit_...",
"created_at": "2026-01-01T00:00:00Z",
"actor": "key$/ak_...",
"actor_ip": "203.0.113.10",
"organization_id": "org_...",
"action": "api_key.create",
"resource_type": "api_key",
"resource_id": "ak_...",
"metadata": {
"name": "CI key"
}
}
],
"start_cursor": "...",
"end_cursor": "..."
}actor_ip, organization_id, start_cursor, and end_cursor may be null.
Errors
All endpoints can return:
{
"error": {
"message": "resource not found"
}
}Common statuses:
| Status | Code | When |
|---|---|---|
400 | none | Invalid cursor, using both before and after, or invalid query parameter. |
401 | none | Authentication failed. |
403 | insufficient_api_key_permissions | API key does not have api-admin. |
404 | none | Organization or API-key organization scope was not found. |
500 | none | Internal error. |