Admin Audit Log
Overview
The Admin Audit Log API provides access to audit logs that record all operations performed in the management console. Each entry also records the state before and after the operation (before/after), enabling detailed auditing.
Required Permissions
| Operation | Required Permission |
|---|---|
| Read | admin:admin_audit:read |
Endpoint List
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/admin/admin-audit-log | List audit logs |
| GET | /api/admin/admin-audit-log/:id | Get audit log details |
| GET | /api/admin/admin-audit-log/actions/list | List action types |
| GET | /api/admin/admin-audit-log/resource-types/list | List resource types |
| GET | /api/admin/admin-audit-log/stats/summary | Get statistics summary |
| GET | /api/admin/admin-audit-log/user/:userId | Get logs for specific user |
List Audit Logs
Retrieve a list of audit logs.
Endpoint
GET /api/admin/admin-audit-log
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| page | integer | - | Page number (default: 1) |
| limit | integer | - | Number of items (default: 50, max: 100) |
| admin_user_id | string | - | Filter by admin user |
| action | string | - | Filter by action |
| resource_type | string | - | Filter by resource type |
| result | string | - | Filter by result (success, failure) |
| severity | string | - | Filter by severity (debug, info, warn, error, critical) |
| start_date | string | - | Start date (ISO 8601 format) |
| end_date | string | - | End date (ISO 8601 format) |
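
The following is an added example, not part of the original API documentation: a paginated export that combines these query parameters with the `items` and `totalPages` fields of the list response, for example to forward entries to a SIEM. The function names, the injected `fetch_page` callable, the de-duplication by `id` and the sample data are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

MAX_LIMIT = 100  # documented maximum for the `limit` parameter


def http_fetch(base_url, token, params):
    """GET one page of /api/admin/admin-audit-log and decode the JSON body."""
    query = urllib.parse.urlencode(params)
    req = urllib.request.Request(
        f"{base_url}/api/admin/admin-audit-log?{query}",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def export_audit_logs(fetch_page, start_date, end_date, **filters):
    """Collect every entry between start_date and end_date across all pages.

    fetch_page(params) returns one decoded response; it is injected so the
    loop can be exercised offline. Entries are de-duplicated by `id` because
    the page does not document ordering, and entries written during the
    export could shift page boundaries (assumption of this example).
    """
    params = {k: v for k, v in filters.items() if v is not None}
    params.update(start_date=start_date, end_date=end_date, limit=MAX_LIMIT)
    seen, entries, page = set(), [], 1
    while True:
        body = fetch_page({**params, "page": page})
        for item in body["items"]:
            if item["id"] not in seen:
                seen.add(item["id"])
                entries.append(item)
        if page >= body["totalPages"] or not body["items"]:
            return entries
        page += 1


# Constructed sample data standing in for the API (not real log entries).
SAMPLE_LOGS = [{"id": f"log_{i}", "action": "admin.login_failed"} for i in range(5)]


def fake_fetch(params, page_size=2):
    """Constructed stand-in for the API: serves SAMPLE_LOGS two per page."""
    start = (params["page"] - 1) * page_size
    return {"items": SAMPLE_LOGS[start:start + page_size], "totalPages": 3}
```

Against a real tenant, pass `lambda p: http_fetch(base_url, token, p)` as `fetch_page`, using a token that holds the read permission listed above.
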
Request Example
```bash
curl -X GET "https://{tenant-domain}/api/admin/admin-audit-log?action=admin.user.create&limit=20" \
  -H "Authorization: Bearer {token}"
```
Response Example
```json
{
  "items": [
    {
      "id": "log_abc123",
      "tenant_id": "default",
      "admin_user_id": "admin_xyz789",
      "action": "admin.user.create",
      "resource_type": "admin_user",
      "resource_id": "admin_new001",
      "result": "success",
      "severity": "info",
      "ip_address": "192.168.1.100",
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
      "request_id": "req_def456",
      "before": null,
      "after": { "name": "New Admin" },
      "metadata": {},
      "created_at": 1706140800000
    }
  ],
  "total": 100,
  "page": 1,
  "limit": 50,
  "totalPages": 2
}
```
Get Audit Log Details
Retrieve detailed information for a specified audit log.
Endpoint
GET /api/admin/admin-audit-log/:id
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | ✓ | Audit log ID |
Request Example
```bash
curl -X GET "https://{tenant-domain}/api/admin/admin-audit-log/log_abc123" \
  -H "Authorization: Bearer {token}"
```
Response Example
```json
{
  "id": "log_abc123",
  "tenant_id": "default",
  "admin_user_id": "admin_xyz789",
  "admin_name": "Administrator",
  "action": "admin.user.update",
  "action_description": "Updated admin user",
  "resource_type": "admin_user",
  "resource_id": "admin_target001",
  "result": "success",
  "severity": "info",
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
  "request_id": "req_def456",
  "before": { "name": "Old Name" },
  "after": { "name": "New Name" },
  "changes": [
    { "field": "name", "old_value": "Old Name", "new_value": "New Name" },
    { "field": "email" }
  ],
  "metadata": { "session_id": "sess_abc123" },
  "created_at": 1706140800000
}
```
List Action Types
Retrieve available action types.
Endpoint
GET /api/admin/admin-audit-log/actions/list
Request Example
```bash
curl -X GET "https://{tenant-domain}/api/admin/admin-audit-log/actions/list" \
  -H "Authorization: Bearer {token}"
```
Response Example
```json
{
  "items": [
    { "key": "admin.user.create", "description": "Create admin user" },
    { "key": "admin.user.update", "description": "Update admin user" },
    { "key": "admin.user.delete", "description": "Delete admin user" },
    { "key": "admin.user.suspend", "description": "Suspend admin user" },
    { "key": "admin.user.activate", "description": "Activate admin user" },
    { "key": "admin.user.unlock", "description": "Unlock admin user" },
    { "key": "admin.role.create", "description": "Create admin role" },
    { "key": "admin.role.update", "description": "Update admin role" },
    { "key": "admin.role.delete", "description": "Delete admin role" },
    { "key": "admin.role.assign", "description": "Assign role" },
    { "key": "admin.role.unassign", "description": "Unassign role" },
    { "key": "admin.ip_allowlist.create", "description": "Add IP allowlist entry" },
    { "key": "admin.ip_allowlist.update", "description": "Update IP allowlist entry" },
    { "key": "admin.ip_allowlist.delete", "description": "Delete IP allowlist entry" },
    { "key": "admin.login", "description": "Admin console login" },
    { "key": "admin.logout", "description": "Admin console logout" },
    { "key": "admin.login_failed", "description": "Login failed" }
  ],
  "total": 17
}
```
List Resource Types
Retrieve available resource types.
Endpoint
GET /api/admin/admin-audit-log/resource-types/list
Request Example
```bash
curl -X GET "https://{tenant-domain}/api/admin/admin-audit-log/resource-types/list" \
  -H "Authorization: Bearer {token}"
```
Response Example
```json
{
  "items": [
    { "key": "admin_user", "description": "Admin user" },
    { "key": "admin_role", "description": "Admin role" },
    { "key": "ip_allowlist", "description": "IP allowlist" },
    { "key": "session", "description": "Session" }
  ],
  "total": 4
}
```
Get Statistics Summary
Retrieve audit log statistics summary.
Endpoint
GET /api/admin/admin-audit-log/stats/summary
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| days | integer | - | Number of days for statistics (default: 7) |
Request Example
```bash
curl -X GET "https://{tenant-domain}/api/admin/admin-audit-log/stats/summary?days=30" \
  -H "Authorization: Bearer {token}"
```
Response Example
```json
{
  "total_entries": 1234,
  "recent_entries": 89,
  "time_range_days": 30,
  "result_breakdown": { "success": 85, "failure": 4 },
  "severity_breakdown": {
    "debug": 0,
    "info": 70,
    "warn": 15,
    "error": 4,
    "critical": 0
  },
  "top_actions": [
    { "action": "admin.user.read", "count": 45 },
    { "action": "admin.role.update", "count": 20 },
    { "action": "admin.login", "count": 15 }
  ],
  "most_active_admins": [
    { "admin_user_id": "admin_abc123", "action_count": 50 },
    { "admin_user_id": "admin_def456", "action_count": 30 }
  ],
  "daily_activity": [
    { "date": "2024-01-22", "count": 45 },
    { "date": "2024-01-21", "count": 38 }
  ]
}
```
Get Logs for Specific User
Retrieve audit logs for a specified admin user.
Endpoint
GET /api/admin/admin-audit-log/user/:userId
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| userId | string | ✓ | Admin user ID |
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| page | integer | - | Page number (default: 1) |
| limit | integer | - | Number of items (default: 50) |
| start_date | string | - | Start date (ISO 8601 format) |
| end_date | string | - | End date (ISO 8601 format) |
Request Example
```bash
curl -X GET "https://{tenant-domain}/api/admin/admin-audit-log/user/admin_abc123?limit=20" \
  -H "Authorization: Bearer {token}"
```
Response Example
```json
{
  "admin_user": { "id": "admin_abc123", "name": "Administrator" },
  "items": [
    {
      "id": "log_xyz789",
      "action": "admin.user.update",
      "resource_type": "admin_user",
      "resource_id": "admin_target001",
      "result": "success",
      "severity": "info",
      "ip_address": "192.168.1.100",
      "created_at": 1706140800000
    }
  ],
  "total": 150,
  "page": 1,
  "limit": 20,
  "totalPages": 8
}
```
Severity Levels
| Level | Description | Usage |
|---|---|---|
| debug | Debug | Detailed logs during development |
| info | Information | Normal operations (default) |
| warn | Warning | Operations requiring attention |
| error | Error | Operation failures |
| critical | Critical | Significant security-related events |
Automatic Recording
All Admin management API operations are automatically recorded in audit logs. Recorded information includes:
- Admin user who performed the operation
- Executed action
- Target resource
- State before and after operation (before/after)
- IP address, user agent
- Operation success/failure
- Timestamp
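
Because every entry carries the action, result, IP address and timestamp, the log can be triaged mechanically. The following is an added example, not part of the original API documentation: it flags an `admin.login` that follows a burst of `admin.login_failed` from the same IP, and successful changes to users, roles and the IP allowlist. The threshold, the time window, the `SENSITIVE` selection and the sample entries are assumptions of this example.

```python
from collections import defaultdict, deque

# Action keys from the "List Action Types" response that change who can
# administer the tenant or from where; the selection is this example's choice.
SENSITIVE = {"admin.user.create", "admin.user.unlock", "admin.role.assign",
             "admin.role.update", "admin.ip_allowlist.create",
             "admin.ip_allowlist.update", "admin.ip_allowlist.delete"}


def triage(items, threshold=5, window_ms=10 * 60 * 1000):
    """Return findings as (rule, log id, detail) tuples, oldest entry first."""
    findings = []
    failures = defaultdict(deque)  # ip_address -> timestamps of recent failures
    for e in sorted(items, key=lambda e: e["created_at"]):
        ip, ts, action = e.get("ip_address"), e["created_at"], e["action"]
        recent = failures[ip]
        while recent and ts - recent[0] > window_ms:
            recent.popleft()  # drop failures that fell out of the window
        if action == "admin.login_failed":
            recent.append(ts)
        elif action == "admin.login":
            if len(recent) >= threshold:
                findings.append(("login_after_failures", e["id"],
                                 f"{len(recent)} failures from {ip}"))
            recent.clear()
        elif action in SENSITIVE and e.get("result") == "success":
            findings.append(("sensitive_change", e["id"],
                             f"{action} by {e.get('admin_user_id')}"))
    return findings


def _entry(n, action, ip, minute, admin=None):
    # Constructed sample entry shaped like the items of the list response.
    return {"id": f"log_{n}", "action": action, "ip_address": ip,
            "admin_user_id": admin,
            "result": "failure" if action.endswith("_failed") else "success",
            "created_at": 1706140800000 + minute * 60_000}


# Constructed sample: five failures, then a login and an allowlist change.
SAMPLE = ([_entry(i, "admin.login_failed", "203.0.113.7", i) for i in range(5)]
          + [_entry(5, "admin.login", "203.0.113.7", 6, "admin_xyz789"),
             _entry(6, "admin.ip_allowlist.delete", "203.0.113.7", 7, "admin_xyz789"),
             _entry(7, "admin.login_failed", "192.168.1.100", 8),
             _entry(8, "admin.login", "192.168.1.100", 9, "admin_abc123")])
```
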