Skip to main content
The Audit API allows you to access comprehensive audit logs from . These logs provide detailed information about actions performed within the platform, including who performed the action, when it occurred, and other relevant details. This information is useful for maintaining security, compliance, and operational oversight. This guide will walk you through the steps to retrieve audit logs using the Audit API. The event types currently supported by the API are listed below. New event types are continually added as more areas of are integrated with the Audit API, and this list will be updated accordingly.
Audit logs contain user identifiers, such as name and email address, to attribute actions to specific users. Only users with the View Audit Events permission can access audit logs. Logs are retained within the platform, and are accessible via and the Audit API for a rolling 90-day period. Events older than 90 days aren’t available via the platform or API, even though underlying audit data may be stored for up to 12 months for operational purposes.

Prerequisites

Before you begin, make sure you have the following:

Get the audit logs

Retrieve the audit logs using the Audit API. Base URL: GET /v1/events

Parameters

NameDescription
fromThe earliest date and time of audit events to retrieve. The parameter should be in ISO 8601 format, e.g.: 2025-02-20T07:15:15.000-01:00.
toThe latest date and time of audit events to retrieve. The parameter should be in ISO 8601 format, e.g.: 2025-02-21T07:15:15.000-01:00.
pageThe page number of the retrieved results. The first page is 0.
sizeThe number of records per page, from 1 to 100.

Example response

A successful response returns a 200 OK status code and a JSON body containing the audit logs, as in the following example: 
{
  "page": 1,
  "results": [
    {
      "actorEmail": "user123@abc.com",
      "actorId": "string",
      "additionalInfo": "string",
      "eventDescription": "User logged in",
      "eventId": "123e4567-e89b-12d3-a456-426614174000",
      "eventName": "hub_user_login",
      "eventProjectId": "4cfcf46e-5bb1-4887-8772-d1c0eeb0cfef",
      "eventSource": "secrets-reference",
      "eventSubjectId": "C67A9A1A-5A49-4EBF-8222-0C6DCC572505",
      "eventSubjectName": "my-first-secret",
      "eventSubjectType": "USER",
      "eventTimestamp": "2025-01-30T00:30:12Z",
      "eventType": "LOGIN"
    }
  ],
  "size": 50,
  "total": 472
}

Audit event types

The following tables list the event types currently supported by the Audit API. Events are grouped by the product area that they relate to.

Account

Event nameScopeDescription
Account name changedAccountAccount name changed.
Account createdAccountAccount created.
Invite createdAccountUser invitation created and sent to the user.
Invite redeemedAccountUser redeemed invitation.
Account user removedAccountUser removed from the account.

Maia runner

Event nameScopeDescription
Agent createdAccountA new agent was added.
Agent removedAccountAn agent was removed.
Agent updatedAccountAn existing agent configuration was changed.
Allow ListAccountThe allow list was changed.
Agent ActionAccountAn agent was restarted, paused, started, or had a credentials refresh.

Artifacts

Event nameScopeDescription
Artifact createdProjectNew artifact successfully created.
Artifact disabledProjectNew artifact successfully removed.

Credentials

These events include those for secrets, cloud credentials, and OAuths.
Event nameScopeDescription
Credentials created (Secrets/Cloud Credentials/OAuth)ProjectProject credentials created.
Credentials changed in project (Secrets/Cloud Credentials/OAuth)ProjectCredentials changed in project.
Credentials removed from project (Secrets/Cloud Credentials/OAuth)ProjectCredentials removed from project.

Custom connector

Event nameScopeDescription
Custom Connector createdAccountNew Custom connector created.
Custom Connector changedAccountCustom connector changed.
Custom Connector deletedAccountCustom connector removed.

Project

Event nameScopeDescription
Project createdProjectNew project successfully created.
Project removedProjectProject removed.
User granted access to projectProjectA user was granted access to a project.
User removed from projectProjectA user was removed from a project.
Project connection created/updated/deletedProjectA connection at the project level was created, updated, or deleted. Examples include an SSH tunnel, OAuth configuration, or secret definition.
Project connection audit events are produced for SSH Tunnels, OAuths, and Secret definitions.

Environments

Event nameScopeDescription
Environment createdEnvironmentA new environment was successfully created in a project.
Environment connection created/updated/deletedEnvironmentA connection at the environment level was created, updated, or deleted. Examples include an OAuth configuration or secret definition.
Environment connection audit events are produced for OAuths and Secret definitions.

Schedules

Event nameScopeDescription
Schedule createdProjectNew schedule successfully created.
Schedule updatedProjectSchedule settings changed.
Schedule removedProjectSchedule removed.

Streaming

Event nameScopeDescription
Streaming pipeline createdProjectStreaming pipeline created.
Streaming pipeline deletedProjectStreaming pipeline deleted.
Streaming pipeline startedProjectStreaming pipeline started.
Streaming pipeline stoppedProjectStreaming pipeline stopped.
Streaming pipeline changedProjectStreaming pipeline configuration changed.
Streaming pipeline snapshot request createdProjectStreaming pipeline snapshot request created.
Streaming pipeline snapshot request deletedProjectStreaming pipeline snapshot request deleted.
Streaming pipeline email alerts enabledProjectStreaming pipeline email alerts enabled.
Streaming pipeline email alerts disabledProjectStreaming pipeline email alerts disabled.