Audit
Immutable audit log API covering every identity, authorization, and admin event.
AuditService is the read API over Avnology ID's append-only audit log. Every mutation -- login, permission change, org admin action, OAuth client rotation -- writes one event with a stable schema, actor identity, target resource, and arbitrary structured details.
Use it to:
- Power customer-facing audit dashboards (see AuditLogViewer component).
- Export to a SIEM (Splunk, Datadog, Elastic) via the export endpoint.
- Drive compliance evidence collection (SOC 2, ISO 27001).
Base URL: https://<Domain id="api"/>
Authentication: Bearer API key with audit:read scope (or audit:export for bulk export).
RPCs
| Method | Path | Purpose |
|---|---|---|
| GetAuditEvent | GET /v1/audit/events/{id} | Fetch one event by ID |
| ListAuditEvents | GET /v1/audit/events | Paginated, filterable listing |
| ExportAuditEvents | POST /v1/audit/events:export | Bulk export (CSV / JSONL) with a signed download URL |
| GetAuditSummary | GET /v1/audit/events:summary | Aggregated counts per action for a time range |
Event schema
Every audit event has:
The action field is namespaced {resource}.{verb}. Stable actions are documented in the Webhook events catalog -- audit actions and webhook event types share a vocabulary.
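An added example (not part of Avnology ID's documentation or SDK): a pre-ingest check for a JSONL export that validates each action against the {resource}.{verb} form and tallies counts per action for a time window, so the result can be reconciled with GetAuditSummary before events reach a SIEM. The `occurred_at` field name, the split on the last dot, and the sample action strings are assumptions, since this page does not list the event fields.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed shape of an action: lowercase segments joined by dots, verb last.
ACTION_RE = re.compile(r"^[a-z0-9_]+(?:\.[a-z0-9_]+)+$")
TIME_FIELD = "occurred_at"  # hypothetical field name; the page does not list the schema

def split_action(action):
    """Return (resource, verb) for a '{resource}.{verb}' action, or None if malformed."""
    if not isinstance(action, str) or not ACTION_RE.match(action):
        return None
    resource, _, verb = action.rpartition(".")
    return resource, verb

def summarize_export(jsonl_text, start, end):
    """Count events per action with start <= time < end; also return rejected line numbers."""
    counts, rejected = Counter(), []
    for lineno, line in enumerate(jsonl_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            when = datetime.fromisoformat(event[TIME_FIELD].replace("Z", "+00:00"))
            if when.tzinfo is None or split_action(event["action"]) is None:
                raise ValueError("naive timestamp or malformed action")
        except (ValueError, KeyError, TypeError, AttributeError):
            rejected.append(lineno)  # keep the line number for follow-up, do not drop silently
            continue
        if start <= when < end:
            counts[event["action"]] += 1
    return counts, rejected

# Constructed sample export (not real Avnology ID output).
SAMPLE = """\
{"action": "user.login", "occurred_at": "2024-05-01T09:00:00Z"}
{"action": "user.login", "occurred_at": "2024-05-01T09:05:00Z"}
{"action": "oauth_client.rotate", "occurred_at": "2024-05-01T10:00:00Z"}
{"action": "Login", "occurred_at": "2024-05-01T10:30:00Z"}
{"action": "org.member.remove", "occurred_at": "2024-05-02T00:00:00Z"}
{"action": "user.login", "occurred_at": "not-a-date"}
truncated-line
"""

if __name__ == "__main__":
    day = (datetime(2024, 5, 1, tzinfo=timezone.utc), datetime(2024, 5, 2, tzinfo=timezone.utc))
    print(summarize_export(SAMPLE, *day))
```

A non-empty rejected list or a count that differs from the summary for the same window points to a truncated or altered export and is worth resolving before the file is treated as compliance evidence.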
Retention
- Free tier: 30 days.
- Team: 1 year.
- Enterprise: configurable, defaults to 7 years, bounded only by object-storage capacity when streaming to SSF.
Use SSF streams to offload long-term retention to your own SIEM.