Audit Logs API
Every read and write performed through the gateway — by dashboard users and API keys alike — is recorded as an audit log entry. As an acquirer you can query the audit trail of your own organization and of every merchant under your acquirer.
Entry anatomy
| Field | Meaning |
|---|---|
performer | Who acted — a dashboard user or an API key. |
organization | The acquirer or merchant the action was performed within. |
subject | The resource acted upon (order, merchant, user, …). |
action | Controller action name (index, show, create, update, …). |
action_type | passive for reads, active for writes. |
Passive (read) entries are retained for 14 days; active (write) entries are retained indefinitely.
Required permission: audit_logs_read.
Authentication
- HTTP: Bearer Auth
Acquirer API key sent as a bearer token:
Authorization: Bearer acquirer_key_...
Keys are created from the Acquirer Dashboard and carry an explicit set of permissions. Every request is scoped to the acquirer that owns the key — resources of other acquirers are never visible. Keys may be IP-restricted; requests from non-whitelisted IPs are rejected with HTTP 401. See the Authentication page for details.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | bearer |
Bearer format: | acquirer_key_* |