List Audit Logs
GET/v1/audit_logs
List audit log entries recorded under your acquirer and its merchants, newest first.
Required permission: audit_logs_read.
Request
Query Parameters
Possible values: >= 1 and <= 100
Number of items per page.
Filter by the acting user / API key UUID.
Possible values: [AcquirerUser, MerchantUser, StaffUser, ApiKey, AcquirerApiKey]
Filter by the acting user's email (partial match).
Filter by subject model (prefix match). See the Subjects endpoint for the values available to your principal.
Possible values: [Acquirer, Merchant]
Filter by acquirer / merchant name (partial match).
Possible values: [active, passive]
Filter by controller action (prefix match), e.g. create.
Possible values: [performer_type, subject_type, action_type, created_at]
Default value: created_at
Possible values: [asc, desc]
Default value: desc
Responses
- 200
- 401
- 403
Paginated list of audit log entries.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
audit_logs
object[]
required
A 36-character UUIDv7 identifier.
Possible values: [AcquirerUser, MerchantUser, StaffUser, ApiKey, AcquirerApiKey]
performer
object
nullable
Brief view of the acting user / API key (id, email when applicable).
A 36-character UUIDv7 identifier.
Possible values: [Acquirer, Merchant, null]
organization
object
nullable
Brief view of the owning organization.
A 36-character UUIDv7 identifier.
Model name of the resource acted upon.
A 36-character UUIDv7 identifier.
A 36-character UUIDv7 identifier.
Controller action name.
Possible values: [active, passive]
Request context — request_path, request_payload,
user_agent, ip_info, and for active entries
subject_changes (before / after values, sensitive fields
filtered).
ISO 8601 UTC timestamp with time zone designator.
meta
object
required
Cursor-style pagination metadata. next_page and prev_page are
null at the boundaries. Total counts are intentionally omitted for
performance on large result sets (countless pagination).
Possible values: >= 1
{
"audit_logs": [
{
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"performer_type": "AcquirerUser",
"performer": {
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"email": "string"
},
"organization_type": "Acquirer",
"organization": {
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"name": "string",
"merchant_id": "string"
},
"subject_type": "Order",
"subject_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"login_session_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"action": "create",
"action_type": "active",
"description": "AcquirerApiKey:0191… performed create action on Merchant:0192…",
"metadata": {},
"created_at": "2025-01-15T14:30:00Z"
}
],
"meta": {
"current_page": 1,
"next_page": 2,
"prev_page": null
}
}
Authentication failed.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Missing authentication information"
}
The API key lacks the required permission.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Unauthorized"
}