SutraID|Developer Docs
QuickstartAPI ReferenceDashboard

Audit Logs

Immutable audit trail for compliance — query logs, filter by action/result, and aggregate stats.

GET/api/v1/organizations/:orgId/audit/logsQuery audit logsBearer Token

Returns a paginated, filterable list of audit log entries for an organization. Requires the audit:read permission.

Parameters

NameTypeRequiredDescription
orgIdstring (UUID)RequiredUnique identifier of the organization.e.g. org_01hx9z1q2w3e4r5t6y7u
userIdstringOptionalFilter logs by the user who performed the action.e.g. usr_01hx9z1q2w3e4r5t6y7u
actionstringOptionalFilter logs by action type (e.g. user.login, user.created).e.g. user.login
resultstringOptionalFilter logs by outcome of the action.e.g. SUCCESS
SUCCESSFAILUREDENIED
startDatestring (ISO 8601)OptionalStart of the date range filter (inclusive).e.g. 2024-01-01T00:00:00Z
endDatestring (ISO 8601)OptionalEnd of the date range filter (inclusive).e.g. 2024-12-31T23:59:59Z
pagenumberOptionalPage number for pagination (1-indexed). Defaults to 1.e.g. 1
limitnumberOptionalNumber of results per page. Defaults to 50, maximum 100.e.g. 50

Response Fields

NameTypeRequiredDescription
dataAuditLog[]OptionalArray of audit log entries for the current page.
data[].idstringOptionalUnique identifier of the audit log entry.
data[].organizationIdstringOptionalOrganization the event belongs to.
data[].userIdstringOptionalID of the user who performed the action.
data[].agentIdstringOptionalID of the agent/service that performed the action (if applicable).
data[].actionstringOptionalAction that was performed (e.g. user.login).
data[].resourcestringOptionalResource that was acted upon.
data[].resultstringOptionalOutcome of the action: SUCCESS, FAILURE, or DENIED.
data[].metadataobjectOptionalArbitrary JSON metadata associated with the event.
data[].riskScorenumberOptionalComputed risk score for the event (0–100).
data[].ipAddressstringOptionalIP address from which the action originated.
data[].userAgentstringOptionalUser-Agent string of the client.
data[].createdAtstringOptionalISO 8601 timestamp of when the event occurred.
totalnumberOptionalTotal number of log entries matching the query.
pagenumberOptionalCurrent page number.
limitnumberOptionalNumber of results per page.

Response Example

{
  "data": [
    {
      "id": "aud_01hx9z1q2w3e4r5t6y7u",
      "organizationId": "org_01hx9z1q2w3e4r5t6y7u",
      "userId": "usr_01hx9z1q2w3e4r5t6y7u",
      "agentId": null,
      "action": "user.login",
      "resource": "auth",
      "result": "SUCCESS",
      "metadata": {
        "method": "magic_link"
      },
      "riskScore": 5,
      "ipAddress": "203.0.113.42",
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
      "createdAt": "2024-06-01T09:30:00Z"
    }
  ],
  "total": 1240,
  "page": 1,
  "limit": 50
}

Code Examples

curl -X GET "https://api.sutraid.com/api/v1/organizations/org_01hx9z1q2w3e4r5t6y7u/audit/logs?result=SUCCESS&page=1&limit=50" \
  -H "Authorization: Bearer <your_token>"
GET/api/v1/organizations/:orgId/audit/statsGet audit statsBearer Token

Returns aggregated audit statistics for an organization over a configurable time window. Requires the audit:read permission.

Parameters

NameTypeRequiredDescription
orgIdstring (UUID)RequiredUnique identifier of the organization.e.g. org_01hx9z1q2w3e4r5t6y7u
daysnumberOptionalNumber of past days to include in the stats window. Defaults to 30.e.g. 30

Response Fields

NameTypeRequiredDescription
totalEventsnumberOptionalTotal number of audit events in the time window.
byActionArray<{ action: string; count: number }>OptionalEvent counts grouped by action type.
byResultArray<{ result: string; count: number }>OptionalEvent counts grouped by result (SUCCESS, FAILURE, DENIED).

Response Example

{
  "totalEvents": 4823,
  "byAction": [
    {
      "action": "user.login",
      "count": 3102
    },
    {
      "action": "user.created",
      "count": 87
    },
    {
      "action": "policy.evaluated",
      "count": 1634
    }
  ],
  "byResult": [
    {
      "result": "SUCCESS",
      "count": 4601
    },
    {
      "result": "FAILURE",
      "count": 158
    },
    {
      "result": "DENIED",
      "count": 64
    }
  ]
}

Code Examples

curl -X GET "https://api.sutraid.com/api/v1/organizations/org_01hx9z1q2w3e4r5t6y7u/audit/stats?days=30" \
  -H "Authorization: Bearer <your_token>"