Audit Logs
Track administrative actions across your organization with a complete, immutable activity trail.
Audit Logs provide a complete record of who did what, when, and on what resources across your organization. Essential for compliance, security audits, and operational transparency.
Audit Logs require a Studio Pro plan or higher and are accessible to organization owners and admins only.
Accessing Audit Logs
Navigate to Settings → Access Control → Audit Log.
You’ll see a chronological list of all administrative events with:
- Actor — Who performed the action (name and email)
- Action — What they did (color-coded by type)
- Timestamp — When it happened (with relative time display)
- Details — Click any row to see full context
What Gets Tracked
Audit Logs capture 100+ event types across all administrative areas:
Member Management
- Member invited, invite accepted, invite revoked
- Role changed, member offboarded, member reactivated
- Workspace member added, removed, permissions updated
App Lifecycle
- App created, deleted, duplicated, moved
- App published, rolled back, version restored
- App settings updated
Billing & Subscriptions
- Subscription changed, cancelled
- Top-up settings updated, notification settings updated
- Stripe Connect initiated, disconnected
Integrations & Connections
- OAuth connected, disconnected
- Channel configured (WhatsApp, Slack, Email, Discord, GitHub)
- MCP integration created, updated, deleted
- Phone number purchased, released
- Custom domain and sender domain events
Knowledge & AI
- Knowledge source created, deleted, linked, unlinked
- Agent links created, deleted
- Voice clones created, deleted
Organization Settings
- Workspace created, updated, deleted
- Whitelabel configuration changes
- Consumer monetization (packages created, updated, deleted)
Filtering Events
Use the action type dropdown to filter by specific event categories. Events are grouped and color-coded:
| Color | Meaning | Examples |
|---|---|---|
| Green | Creates, invites, connections | Member invited, app created, integration connected |
| Blue | Updates, changes | Role changed, settings updated |
| Red | Deletions, removals | Member offboarded, app deleted, integration disconnected |
Event Details
Click any event row to expand full details:
| Field | What It Shows |
|---|---|
| Actor | Email of the person who performed the action, or “System” for automated events |
| Target user | If applicable, the person affected (e.g., the invited member) |
| Resource | Type and ID of the affected resource (workspace, app, domain, etc.) |
| Timestamp | Exact date and time (ISO 8601) |
| IP address | Client IP address of the actor |
| User agent | Browser and device information |
| Context (JSON) | Action-specific details (previous values, new values, reasons, etc.) |
Example: Role Changed
Actor: admin@company.com
Action: member.role_changed
Target: team@company.com
Details:
Previous role: member
New role: adminAPI Access
Query audit logs programmatically:
GET /api/organization/rbac/members/audit-logQuery parameters:
| Parameter | Description | Example |
|---|---|---|
action | Filter by event type | member.invited |
targetUserId | Filter by affected user | UUID |
since | Filter by date | 2026-03-15 |
limit | Results per page (max 200) | 50 |
offset | Pagination offset | 0 |
Use Cases
| Scenario | What to Look For |
|---|---|
| Security audit | Filter for member.offboarded, member.role_changed, integration.connected |
| Billing investigation | Filter for subscription.changed, billing.top_up events |
| Compliance review | Export full activity trail for a date range |
| Incident response | Search for actions around a specific timestamp |
| Onboarding verification | Track invite acceptance and permission grants |