# Audit Logs Track administrative actions across your organization with a complete, immutable activity trail. --- Audit Logs provide a complete record of who did what, when, and on what resources across your organization. Essential for compliance, security audits, and operational transparency. > **Warning:** Audit Logs require a Studio Pro plan or higher and are accessible to organization owners and admins only. ## Accessing Audit Logs Navigate to **Settings** → **Access Control** → **Audit Log**. You'll see a chronological list of all administrative events with: - **Actor** -- Who performed the action (name and email) - **Action** -- What they did (color-coded by type) - **Timestamp** -- When it happened (with relative time display) - **Details** -- Click any row to see full context ## What Gets Tracked Audit Logs capture 100+ event types across all administrative areas: ### Member Management - Member invited, invite accepted, invite revoked - Role changed, member offboarded, member reactivated - Workspace member added, removed, permissions updated ### App Lifecycle - App created, deleted, duplicated, moved - App published, rolled back, version restored - App settings updated ### Billing & Subscriptions - Subscription changed, cancelled - Top-up settings updated, notification settings updated - Stripe Connect initiated, disconnected ### Integrations & Connections - OAuth connected, disconnected - Channel configured (WhatsApp, Slack, Email, Discord, GitHub) - MCP integration created, updated, deleted - Phone number purchased, released - Custom domain and sender domain events ### Knowledge & AI - Knowledge source created, deleted, linked, unlinked - Agent links created, deleted - Voice clones created, deleted ### Organization Settings - Workspace created, updated, deleted - Whitelabel configuration changes - Consumer monetization (packages created, updated, deleted) ## Filtering Events Use the **action type dropdown** to filter by specific event categories. Events are grouped and color-coded: | Color | Meaning | Examples | |-------|---------|---------| | **Green** | Creates, invites, connections | Member invited, app created, integration connected | | **Blue** | Updates, changes | Role changed, settings updated | | **Red** | Deletions, removals | Member offboarded, app deleted, integration disconnected | ## Event Details Click any event row to expand full details: | Field | What It Shows | |-------|---------------| | **Actor** | Email of the person who performed the action, or "System" for automated events | | **Target user** | If applicable, the person affected (e.g., the invited member) | | **Resource** | Type and ID of the affected resource (workspace, app, domain, etc.) | | **Timestamp** | Exact date and time (ISO 8601) | | **IP address** | Client IP address of the actor | | **User agent** | Browser and device information | | **Context (JSON)** | Action-specific details (previous values, new values, reasons, etc.) | ### Example: Role Changed ``` Actor: admin@company.com Action: member.role_changed Target: team@company.com Details: Previous role: member New role: admin ``` ## API Access Query audit logs programmatically: ``` GET /api/organization/rbac/members/audit-log ``` **Query parameters:** | Parameter | Description | Example | |-----------|-------------|---------| | `action` | Filter by event type | `member.invited` | | `targetUserId` | Filter by affected user | UUID | | `since` | Filter by date | `2026-03-15` | | `limit` | Results per page (max 200) | `50` | | `offset` | Pagination offset | `0` | ## Use Cases | Scenario | What to Look For | |----------|-----------------| | **Security audit** | Filter for `member.offboarded`, `member.role_changed`, `integration.connected` | | **Billing investigation** | Filter for `subscription.changed`, `billing.top_up` events | | **Compliance review** | Export full activity trail for a date range | | **Incident response** | Search for actions around a specific timestamp | | **Onboarding verification** | Track invite acceptance and permission grants |