API ReferenceAudit

List Audit Events

Paginated, filterable listing of audit events.

Endpoint

GET /v1/audit/events

Base URL: https://<Domain id="api"/>

Authentication: Bearer token with audit:read scope.

Returns a cursor-paginated list of audit events, newest first. Use the filter parameter with Avnology's filter DSL to narrow by action, actor, target, or time range.

Query Parameters

Parameter	Type	Required	Description
`page_size`	int32	No	Default 50, max 500
`page_token`	string	No	Cursor from previous response
`filter`	string	No	Filter DSL expression
`organization_id`	string	No	Scope to one org

Example filters

action = "user.created"
action ~ "session.*"
actor.id = "usr_4f18acec" AND result = "failure"
timestamp >= "2026-04-17T00:00:00Z"

Example

Response (200 OK)

{
  "events": [
    {
      "id": "aud_01H7X3K9Q1",
      "timestamp": "2026-04-17T12:34:56.789Z",
      "action": "session.login.failed",
      "actor": { "type": "identity", "id": "usr_4f18acec" },
      "result": "failure",
      "ip": "198.51.100.42"

Audit

Immutable audit log API covering every identity, authorization, and admin event.

Get Audit Event

Fetch a single audit event by ID.