Platform API

Audit Log

Use audit log endpoints to review organization activity, including API key changes, member changes, invitation events, model access requests, and billing setting changes.

List Audit Log

GET /organizations/{org_id}/audit_log

Lists audit log entries for the organization.

Permission: api-admin

Query parameters:

ParameterTypeDescription
afterstringReturn entries after this cursor.
beforestringReturn entries before this cursor. Cannot be used with after.
limitintegerMaximum entries to return. Clamped to 1 through 200.
fromtimestampInclude entries created at or after this time.
totimestampInclude entries created at or before this time.
actorstringFilter by principal string, such as key$/ak_... or user$/user_....
resource_typestringFilter by resource type, such as org, api_key, model, or billing_account.
resource_idstringFilter by resource id.
actionstringFilter by action prefix, such as api_key. or org.invite_.

Response:

{
  "data": [
    {
      "id": "audit_...",
      "created_at": "2026-01-01T00:00:00Z",
      "actor": "key$/ak_...",
      "actor_ip": "203.0.113.10",
      "organization_id": "org_...",
      "action": "api_key.create",
      "resource_type": "api_key",
      "resource_id": "ak_...",
      "metadata": {
        "name": "CI key"
      }
    }
  ],
  "start_cursor": "...",
  "end_cursor": "..."
}

actor_ip, organization_id, start_cursor, and end_cursor may be null.

Errors

All endpoints can return:

{
  "error": {
    "message": "resource not found"
  }
}

Common statuses:

StatusCodeWhen
400noneInvalid cursor, using both before and after, or invalid query parameter.
401noneAuthentication failed.
403insufficient_api_key_permissionsAPI key does not have api-admin.
404noneOrganization or API-key organization scope was not found.
500noneInternal error.