Skip to main content
The Audit Log gives workspace admins a tamper-evident trail of every meaningful action that takes place in the workspace — who did it, what they did, and when. Use it to investigate incidents, satisfy compliance requirements, and verify that access controls are working as expected. Open it from the sidebar: Settings → Audit Log. You need the audit:read scope to access this page. By default this is available to Tenant Admins, Security Admins, and Compliance Admins.

What is recorded

Every action that mutates workspace state emits an audit entry. Events are grouped into categories:
CategoryExample actions
createMember invited, API key created, team created, connector added
updateWorkspace settings changed, member role changed, retention policy edited
deleteMember removed, API key revoked, team deleted, connector removed
inviteInvitation sent, invitation resent
revokeSession revoked, API key revoked, service account token revoked
exportWorkspace data export triggered
loginAuthentication events (auth.*)
otherAny action not matching the above suffixes
Each entry records:
FieldDescription
ActorThe user (or service account) who performed the action, including their name and ID
ActionA dot-delimited string identifying the event (e.g. member.invited, workspace.settings.updated)
TargetThe type and ID of the resource affected (e.g. member / mbr_01J…)
MetadataStructured context relevant to the event (e.g. the new role assigned, the fields changed)
IP addressThe source IP of the request
TimestampUTC timestamp of the event
Audit log entries cannot be edited or deleted. The retention floor for audit records is 365 days — see Data & Retention.

Filtering the log

Use the filter bar at the top of the Audit Log screen to narrow the results:
FilterDescription
SearchFull-text search across actor names, action strings, and metadata
Date from / Date toRestrict results to a date range (ISO 8601 date, e.g. 2026-01-01)
ActorFilter by a specific member’s user ID
ActionExact action string, or use a wildcard prefix (e.g. member.* matches all member events)
CategoryOne of the category values above — create, update, delete, invite, revoke, export, login, other
Results are returned in reverse chronological order, paginated in pages of up to 100 entries.

Exporting the audit log

Click Export to download the filtered audit log as a CSV file. The export runs asynchronously; you will receive an email when the download is ready.
1

Apply filters (optional)

Set any date range or category filters you want the export to respect.
2

Click Export

A POST /v1/audit/export request is submitted. The response returns 202 Accepted.
3

Download the file

An email is sent to your account address when the export is ready. The link expires after 24 hours.

API endpoints

curl -X GET "https://api.causeloop.ai/v1/audit?category=invite&date_from=2026-01-01&limit=50" \
  -H "Authorization: Bearer $TOKEN"
MethodPathDescription
GET/v1/auditList audit entries (filterable, paginated)
POST/v1/audit/exportQueue a CSV export of filtered entries
Query parameters for GET /settings/audit:
ParameterTypeDescription
qstringFull-text search
date_fromstringStart date (ISO 8601)
date_tostringEnd date (ISO 8601)
actor_idstringFilter to a specific actor
actionstringExact action string or wildcard prefix (e.g. member.*)
categorystringEvent category
limitintegerPage size, 1–100 (default 25)
cursorstringPagination cursor from previous response
For the full REST specification see API Reference.