Skip to main content
Version: 1

Audit Logs API

Every read and write performed through the gateway — by dashboard users and API keys alike — is recorded as an audit log entry. As an acquirer you can query the audit trail of your own organization and of every merchant under your acquirer.

Entry anatomy

FieldMeaning
performerWho acted — a dashboard user or an API key.
organizationThe acquirer or merchant the action was performed within.
subjectThe resource acted upon (order, merchant, user, …).
actionController action name (index, show, create, update, …).
action_typepassive for reads, active for writes.

Passive (read) entries are retained for 14 days; active (write) entries are retained indefinitely.

Required permission: audit_logs_read.

Authentication

Acquirer API key sent as a bearer token:

Authorization: Bearer acquirer_key_...

Keys are created from the Acquirer Dashboard and carry an explicit set of permissions. Every request is scoped to the acquirer that owns the key — resources of other acquirers are never visible. Keys may be IP-restricted; requests from non-whitelisted IPs are rejected with HTTP 401. See the Authentication page for details.

Security Scheme Type:

http

HTTP Authorization Scheme:

bearer

Bearer format:

acquirer_key_*