Audit
The audit log automatically records all mutating API requests (POST, PUT, DELETE) when an AuditStore is configured. Each entry captures the user, action, resource, IP address, and timestamp. The audit log is useful for compliance, debugging, and understanding who changed what and when.
Audit logging is automatic — you do not need to explicitly log actions. The audit middleware intercepts all mutating requests and writes entries to the AuditStore. This endpoint only provides read access to the log.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
GET | /api/v1/audit | List audit log entries |
List Audit Log
GET /api/v1/auditReturns a paginated list of audit log entries, ordered by most recent first.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
limit | integer | 50 | Items per page (max 200) |
offset | integer | 0 | Number of items to skip |
Request
curl "http://localhost:8080/api/v1/audit?limit=50&offset=0"Response — 200 OK
[
{
"id": "entry-uuid-1",
"user_id": "user-123",
"action": "post",
"resource": "/api/v1/runs",
"detail": "",
"ip": "192.168.1.1",
"created_at": "2026-02-16T10:05:00Z"
},
{
"id": "entry-uuid-2",
"user_id": "user-123",
"action": "put",
"resource": "/api/v1/pipelines/default/silver/orders",
"detail": "",
"ip": "192.168.1.1",
"created_at": "2026-02-16T10:03:00Z"
},
{
"id": "entry-uuid-3",
"user_id": "user-456",
"action": "delete",
"resource": "/api/v1/schedules/sched-123",
"detail": "",
"ip": "10.0.0.42",
"created_at": "2026-02-16T09:55:00Z"
}
]Response Fields
| Field | Type | Description |
|---|---|---|
| (array) | array | List of audit log entry objects |
[].id | string | Entry UUID |
[].user_id | string | User who performed the action (empty string in Community Edition without auth) |
[].action | string | HTTP method in lowercase: post, put, delete |
[].resource | string | URL path of the API endpoint that was called |
[].detail | string | Additional detail (currently empty, reserved for future use) |
[].ip | string | Client IP address |
[].created_at | string | ISO 8601 timestamp of when the action occurred |
Error Responses
| Status | Code | Description |
|---|---|---|
404 | NOT_FOUND | Audit logging not enabled (no AuditStore configured) |
What Gets Logged
The audit middleware logs all mutating HTTP requests:
| HTTP Method | Logged | Examples |
|---|---|---|
POST | Yes | Creating pipelines, runs, triggers, schedules, namespaces |
PUT | Yes | Updating pipelines, schedules, retention config, metadata |
DELETE | Yes | Deleting pipelines, triggers, schedules, files |
GET | No | Reading data is not logged |
Logged Fields
| Field | Source | Description |
|---|---|---|
user_id | Auth context | Extracted from the JWT token (Pro) or empty (Community) |
action | HTTP method | Lowercase HTTP method (post, put, delete) |
resource | Request URL | Full API path (e.g., /api/v1/pipelines/default/silver/orders) |
ip | Request headers | Client IP from X-Forwarded-For or connection remote address |
Retention
Audit log entries are subject to the retention policy configured in the system retention config:
| Setting | Default | Description |
|---|---|---|
audit_log_max_age_days | 365 | Audit entries older than this are automatically deleted by the reaper |
See Retention for configuration details.
The reaper automatically prunes audit log entries older than audit_log_max_age_days. For compliance requirements that need longer retention, increase this value in the system retention config.