Audit Logs
Datafly Signal maintains a comprehensive audit trail of all administrative actions. Every create, update, and delete operation performed through the Management API or Management UI is recorded with the acting user, timestamp, affected resource, and a summary of the change.
Audit Log Entry
{
"id": "log_abc123",
"action": "integration.updated",
"user_id": "usr_abc123",
"user_email": "admin@example.com",
"resource_type": "integration",
"resource_id": "int_xyz789",
"changes": {
"enabled": {
"old": true,
"new": false
}
},
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 ...",
"timestamp": "2026-02-25T14:30:00Z"
}| Field | Type | Description |
|---|---|---|
id | string | Unique audit log entry identifier |
action | string | Action that was performed (see actions below) |
user_id | string | ID of the user who performed the action |
user_email | string | Email of the user who performed the action |
resource_type | string | Type of resource affected |
resource_id | string | ID of the affected resource |
changes | object | Summary of field changes (old and new values) |
ip_address | string | IP address of the request |
user_agent | string | User agent string of the request |
timestamp | string | ISO 8601 timestamp of when the action occurred |
Logged Actions
| Action | Description |
|---|---|
source.created | A new source was created |
source.updated | A source was updated |
source.deleted | A source was deleted |
source.collector_built | A collector JS build was triggered |
integration.created | A new integration was created |
integration.updated | An integration was updated |
integration.deleted | An integration was deleted |
transformation.created | A new transformation was created |
transformation.updated | A transformation was updated |
transformation.deleted | A transformation was deleted |
data_layer.updated | The Org Data Layer config was updated |
user.invited | A new user was invited |
user.updated | A user’s role was changed |
user.deleted | A user was removed |
auth.login | A user logged in |
auth.login_failed | A login attempt failed |
List Audit Logs
GET /v1/admin/audit-logs
Returns a paginated list of audit log entries, ordered by most recent first.
Query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
action | string | — | Filter by action (e.g., source.created) |
user_id | string | — | Filter by acting user ID |
resource | string | — | Filter by resource type (e.g., integration) |
from | string | — | Start of date range (ISO 8601) |
to | string | — | End of date range (ISO 8601) |
cursor | string | — | Pagination cursor |
limit | integer | 50 | Items per page (max 100) |
Request:
curl -X GET "http://localhost:8084/v1/admin/audit-logs?action=integration.updated&from=2026-02-01T00:00:00Z&limit=25" \
-H "Authorization: Bearer {access_token}"Response:
{
"data": [
{
"id": "log_abc123",
"action": "integration.updated",
"user_id": "usr_abc123",
"user_email": "admin@example.com",
"resource_type": "integration",
"resource_id": "int_xyz789",
"changes": {
"enabled": {
"old": true,
"new": false
}
},
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 ...",
"timestamp": "2026-02-25T14:30:00Z"
}
],
"next_cursor": "eyJ0cyI6MTc0MDQ5OTQwMH0",
"has_more": true
}Required role: admin or above.
Filtering Examples
By user
GET /v1/admin/audit-logs?user_id=usr_abc123By resource type
GET /v1/admin/audit-logs?resource=sourceBy action and date range
GET /v1/admin/audit-logs?action=user.invited&from=2026-02-01T00:00:00Z&to=2026-02-28T23:59:59ZCombining filters
All query parameters can be combined:
GET /v1/admin/audit-logs?resource=integration&user_id=usr_abc123&from=2026-02-01T00:00:00Z&limit=10Retention
Audit log entries are retained for 90 days. Entries older than 90 days are automatically purged.
For long-term audit retention, export audit logs to your own data warehouse using the BigQuery, Snowflake, or S3 integrations. Set up a scheduled export or use the API to periodically fetch and store audit entries.
Audit logs are read-only. They cannot be modified or deleted through the API. This ensures a tamper-proof record of all administrative actions.