Audit Log
Query the organization-wide audit trail of all mutations.
Audit Log
The audit log records every mutation in your organization: agent creation, policy changes, kill switch toggles, member invitations, key revocations, and billing events.
Plan requirement
The audit log is available on Team and Enterprise plans.
List Audit Log Entries
GET /v1/audit-logAuth: JWT (admin+) | Plan: Team or Enterprise
| Parameter | Type | Required | Description |
|---|---|---|---|
limit | integer | No | Results per page (default 20, max 100). |
cursor | UUID | No | Pagination cursor. |
resource_type | string | No | Filter by agent, policy, api_key, org_member, alert_rule, subscription. |
action | string | No | Filter by action (e.g., agent.created, policy.activated). |
actor_id | UUID | No | Filter by the user who performed the action. |
from | ISO 8601 | No | Start of time range. |
to | ISO 8601 | No | End of time range. |
search | string | No | Search by user name, email, or resource ID (max 128 chars). |
bash
curl "https://api.checkrd.io/v1/audit-log?resource_type=agent&limit=10" \
-H "Authorization: Bearer YOUR_JWT_TOKEN"Response 200 OK
json
{
"data": [
{
"id": "01916e00-...",
"action": "agent.created",
"resource_type": "agent",
"resource_id": "01916a3e-...",
"details": { "name": "sales-agent" },
"ip_address": "203.0.113.1",
"user_email": "alice@company.com",
"user_name": "Alice",
"created_at": "2026-04-10T14:30:00Z"
}
],
"has_more": false,
"next_cursor": null
}Get Resource History
GET /v1/audit-log/:resource_type/:resource_idAuth: JWT (admin+) | Plan: Team or Enterprise
Returns the full audit history for a specific resource (limited to 100 entries).
bash
curl https://api.checkrd.io/v1/audit-log/agent/01916a3e-... \
-H "Authorization: Bearer YOUR_JWT_TOKEN"Response 200 OK -- Array of audit log entries for that resource.