# audit-logs ## GET /api/v1/audit-logs > Lists audit log records. ```json {"openapi":"3.0.0","info":{"title":"Lenses API","version":"6.2"},"tags":[{"name":"hq_audit-logs"}],"servers":[{"url":"{server}","variables":{"server":{"default":"https://api.example.com"}}}],"security":[{"bearerAuth":[]},{"cookieAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","description":"The bearer token can be obtained by creating a ServiceAccount.\n"},"cookieAuth":{"type":"apiKey","in":"cookie","name":"session_id","description":"On successful SAML/SSO login, the API will set a cookie with a session id.\n"}},"schemas":{"hq_AuditLogList":{"type":"object","description":"Paginated list of audit logs using cursor-based pagination.","properties":{"items":{"type":"array","items":{"$ref":"#/components/schemas/hq_AuditLog"}},"next_cursor":{"type":"string","description":"Opaque cursor for fetching the next page. Absent if no more results."}},"required":["items"]},"hq_AuditLog":{"type":"object","description":"An audit log record.","properties":{"id":{"type":"string","description":"Unique identifier (e.g., aud_xxx)."},"timestamp":{"type":"string","format":"date-time","description":"When the action occurred."},"principal":{"type":"string","description":"Principal name (user or service account)."},"operation_id":{"type":"string","description":"Operation identifier (e.g., iam:CreateUser)."},"resource_lrn":{"type":"string","description":"LRN of the affected resource (if applicable)."},"request":{"type":"object","additionalProperties":true,"description":"Request body (sensitive data redacted)."},"response":{"type":"object","additionalProperties":true,"description":"Response body (sensitive data redacted)."}},"required":["id","timestamp","principal","operation_id"]},"hq_Error":{"type":"object","description":"Implements the RFC7807 \"Problem Details\", see https://www.rfc-editor.org/rfc/rfc7807.","properties":{"type":{"$ref":"#/components/schemas/hq_ErrorType"},"title":{"description":"Describes the problem in a human readable fashion.","type":"string"},"status":{"description":"Is a copy of the http status code.","type":"integer"},"invalid_fields":{"description":"Lists for validation errors the fields that failed validation.","type":"array","items":{"$ref":"#/components/schemas/hq_InvalidField"}},"sso_url":{"description":"Contains in case of an \"unauthorised\" type of error, the url of the SSO provider, if any.","type":"string"},"request_id":{"description":"Is set to the id of this request. Can be used to correlate backend logs.","type":"string"}},"required":["status","title"]},"hq_ErrorType":{"type":"string","description":"Enumerates possible error types.","enum":["not_found","unauthorised","forbidden","internal_server_error","agent_rpc_error","missing_agent_capabilities","agent_not_connected","validation_error","invalid_metadata","missing_parameter","invalid_parameter","licence_limitation","conflict","unspecified"]},"hq_InvalidField":{"type":"object","properties":{"name":{"type":"string"},"error":{"$ref":"#/components/schemas/hq_FieldErrorType"},"title":{"type":"string"},"pointer":{"description":"Holds a RFC-6901 JSON Pointer.","type":"string"}},"required":["name","error","title"]},"hq_FieldErrorType":{"type":"string","description":"Enumerates field validation error types.","enum":["reference_not_found","not_unique","invalid_value","other_error"]}}},"paths":{"/api/v1/audit-logs":{"get":{"description":"Lists audit log records.","operationId":"listAuditLogs","parameters":[{"name":"pagination_cursor","in":"query","description":"Cursor for pagination. Pass next_cursor from previous response.","schema":{"type":"string"}},{"name":"limit","in":"query","description":"Maximum number of items to return. Greater than 0, less than 1000.","schema":{"type":"integer","default":25}},{"name":"from","in":"query","description":"Filter logs from this timestamp (inclusive).","schema":{"type":"string","format":"date-time"}},{"name":"to","in":"query","description":"Filter logs until this timestamp (exclusive).","schema":{"type":"string","format":"date-time"}},{"name":"principal","in":"query","description":"Filter by principal name.","schema":{"type":"string"}},{"name":"operation_id","in":"query","description":"Filter by operation ID (e.g., createUser).","schema":{"type":"string"}},{"name":"sort_order","in":"query","description":"Sort order by timestamp. Defaults to descending (most recent first).","schema":{"type":"string","enum":["asc","desc"],"default":"desc"}}],"responses":{"200":{"description":"List of audit log records.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/hq_AuditLogList"}}}},"default":{"description":"Error object.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/hq_Error"}}}}},"tags":["hq_audit-logs"]}}}} ``` ## DELETE /api/v1/audit-logs > Deletes audit log records up to the given timestamp. ```json {"openapi":"3.0.0","info":{"title":"Lenses API","version":"6.2"},"tags":[{"name":"hq_audit-logs"}],"servers":[{"url":"{server}","variables":{"server":{"default":"https://api.example.com"}}}],"security":[{"bearerAuth":[]},{"cookieAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","description":"The bearer token can be obtained by creating a ServiceAccount.\n"},"cookieAuth":{"type":"apiKey","in":"cookie","name":"session_id","description":"On successful SAML/SSO login, the API will set a cookie with a session id.\n"}},"schemas":{"hq_Error":{"type":"object","description":"Implements the RFC7807 \"Problem Details\", see https://www.rfc-editor.org/rfc/rfc7807.","properties":{"type":{"$ref":"#/components/schemas/hq_ErrorType"},"title":{"description":"Describes the problem in a human readable fashion.","type":"string"},"status":{"description":"Is a copy of the http status code.","type":"integer"},"invalid_fields":{"description":"Lists for validation errors the fields that failed validation.","type":"array","items":{"$ref":"#/components/schemas/hq_InvalidField"}},"sso_url":{"description":"Contains in case of an \"unauthorised\" type of error, the url of the SSO provider, if any.","type":"string"},"request_id":{"description":"Is set to the id of this request. Can be used to correlate backend logs.","type":"string"}},"required":["status","title"]},"hq_ErrorType":{"type":"string","description":"Enumerates possible error types.","enum":["not_found","unauthorised","forbidden","internal_server_error","agent_rpc_error","missing_agent_capabilities","agent_not_connected","validation_error","invalid_metadata","missing_parameter","invalid_parameter","licence_limitation","conflict","unspecified"]},"hq_InvalidField":{"type":"object","properties":{"name":{"type":"string"},"error":{"$ref":"#/components/schemas/hq_FieldErrorType"},"title":{"type":"string"},"pointer":{"description":"Holds a RFC-6901 JSON Pointer.","type":"string"}},"required":["name","error","title"]},"hq_FieldErrorType":{"type":"string","description":"Enumerates field validation error types.","enum":["reference_not_found","not_unique","invalid_value","other_error"]}}},"paths":{"/api/v1/audit-logs":{"delete":{"description":"Deletes audit log records up to the given timestamp.","operationId":"deleteAuditLogs","parameters":[{"name":"before","in":"query","required":true,"description":"Delete logs with timestamp before this value (exclusive).","schema":{"type":"string","format":"date-time"}}],"responses":{"204":{"description":"Audit logs deleted successfully."},"default":{"description":"Error object.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/hq_Error"}}}}},"tags":["hq_audit-logs"]}}}} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.lenses.io/latest/api-reference/reference/audit-logs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.