> ## Documentation Index
> Fetch the complete documentation index at: https://docs.base44.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List audit logs

> Returns paginated audit log events for a workspace.

You can filter by:
- [Event type](/developers/references/audit-logs-api/get-started/event-types)
- App
- User email
- Status
- Date range

Results use cursor-based pagination.



## OpenAPI

````yaml /developers/references/audit-logs-api/audit-logs-openapi.json post /{workspace_id}/list
openapi: 3.1.0
info:
  title: Base44 Audit Logs API
  description: >

    Workspace-scoped audit logs API for security monitoring and SIEM
    integrations.


    Returns raw, unsanitized audit events across all apps in a workspace with
    filtering, sorting, and cursor-based pagination.


    **Authentication:** Pass your workspace API key in the `api_key` header. See
    [Authentication](/developers/references/audit-logs-api/get-started/authentication)
    for setup.


    **Endpoint:** `POST /{workspace_id}/list`


    ---


    ### Filtering & Sorting (first request)


    On the **first** request (no cursor), you may include any combination of:


    | Parameter | Type | Description |

    |-----------|------|-------------|

    | `app_id` | string | Narrow results to a single app |

    | `event_types` | list[string] | Filter by one or more event types |

    | `user_email` | string | Filter by user email |

    | `status` | string | Filter by status (`success` / `failure`) |

    | `start_date` | datetime | Include events from this date (inclusive) |

    | `end_date` | datetime | Include events until this date (exclusive) |

    | `order` | `ASC` or `DESC` | Sort by timestamp (default: `DESC`) |

    | `limit` | integer (1–1000) | Events per page (default: `50`) |


    ---


    ### Cursor Pagination


    This API uses **opaque cursor-based pagination**. The cursor encodes the
    original query (filters, sort, and limit) so the server can resume exactly
    where it left off.


    **How to paginate:**


    1. **First page:** send your filters, sort, and limit — no `cursor`.

    2. **Check the response:** `pagination.next_cursor` contains the cursor for
    the next page. When it is `null`, there are no more pages.

    3. **Next pages:** send **only** `{"cursor": "<value>"}`. **Do not** include
    `app_id`, `event_types`, `user_email`, `status`, `start_date`, `end_date`,
    `order`, or `limit` — these are already encoded in the cursor. The server
    returns HTTP 400 if any filter, sort, or limit parameter is provided
    alongside a cursor.


    **Cursor expiry:** cursors are valid for **24 hours** from creation. An
    expired cursor returns HTTP 400.


    ---


    ### Response Shape


    ```json

    {
      "events": [ { "timestamp", "user_email", "workspace_id", "app_id", "ip", "user_agent", "event_type", "status", "error_code", "metadata" } ],
      "pagination": { "total": 1234, "next_cursor": "..." }
    }

    ```


    ---


    ### Rate Limits

    - 100 requests per minute per API key (enterprise workspaces get 2×)
  version: 1.0.0
servers:
  - url: https://app.base44.com/api/v1/audit-logs
    description: Audit Logs API
security:
  - ApiKeyAuth: []
tags:
  - name: audit-logs
    description: >-
      Query and paginate audit log events with filtering by app, user, event
      type, status, and date range.
paths:
  /{workspace_id}/list:
    post:
      tags:
        - audit-logs
      summary: List audit logs
      description: >-
        Returns paginated audit log events for a workspace.


        You can filter by:

        - [Event
        type](/developers/references/audit-logs-api/get-started/event-types)

        - App

        - User email

        - Status

        - Date range


        Results use cursor-based pagination.
      operationId: list_audit_logs_public__workspace_id__list_post
      parameters:
        - name: workspace_id
          in: path
          required: true
          schema:
            type: string
            description: >-
              Workspace ID. See
              [Overview](/developers/references/audit-logs-api/get-started/overview#workspace-id)
              for how to find it.
            title: Workspace Id
          description: >-
            Workspace ID. See
            [Overview](/developers/references/audit-logs-api/get-started/overview#workspace-id)
            for how to find it.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PublicListAuditLogsRequest'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PublicAuditLogsListResponse'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
components:
  schemas:
    PublicListAuditLogsRequest:
      properties:
        event_types:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Event Types
          description: >-
            Filter by one or more [event
            types](/developers/references/audit-logs-api/get-started/event-types).
          example:
            - auth.login
            - app.entity.created
        user_email:
          anyOf:
            - type: string
            - type: 'null'
          title: User Email
          description: Filter by user email.
          example: jane@acme.com
        status:
          anyOf:
            - type: string
            - type: 'null'
          title: Status
          description: Filter by status. Either `"success"` or `"failure"`.
          example: success
        start_date:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Start Date
          description: >-
            Filter events from this date (inclusive) in `YYYY-MM-DDTHH:MM:SSZ`
            format.
          example: '2026-01-01T00:00:00Z'
        end_date:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: End Date
          description: >-
            Filter events until this date (exclusive) in `YYYY-MM-DDTHH:MM:SSZ`
            format.
          example: '2026-02-01T00:00:00Z'
        app_id:
          anyOf:
            - type: string
            - type: 'null'
          title: App Id
          description: App ID to narrow results to a specific app.
          example: 6820f3a4e7b91d003c45a1f2
        limit:
          type: integer
          maximum: 1000
          minimum: 1
          title: Limit
          description: Number of events per page.
          default: 50
          example: 100
        cursor:
          anyOf:
            - type: string
            - type: 'null'
          title: Cursor
          description: Pagination cursor from a previous response.
          example: gAAAAABn7vJ...
        order:
          type: string
          enum:
            - ASC
            - DESC
          title: Order
          description: Sort order by timestamp.
          default: DESC
          example: DESC
      type: object
      title: PublicListAuditLogsRequest
      description: Request body for listing audit log events.
    PublicAuditLogsListResponse:
      properties:
        events:
          items:
            $ref: '#/components/schemas/PublicAuditLogResponse'
          type: array
          title: Events
          description: List of audit log events.
        pagination:
          $ref: '#/components/schemas/PublicPaginationInfo'
          description: Pagination metadata.
      type: object
      required:
        - events
        - pagination
      title: PublicAuditLogsListResponse
      description: Response containing a page of audit log events.
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    PublicAuditLogResponse:
      properties:
        timestamp:
          type: string
          format: date-time
          title: Timestamp
          description: When the event occurred in `YYYY-MM-DDTHH:MM:SSZ` format (UTC).
          example: '2026-01-15T09:23:41Z'
        user_email:
          type: string
          title: User Email
          description: Email of the user who performed the action.
          example: jane@acme.com
        workspace_id:
          type: string
          title: Workspace Id
          description: Workspace the event belongs to.
          example: 67f2c8e01a3b5d004e92d7a1
        app_id:
          type: string
          title: App Id
          description: >-
            App ID, if the event is scoped to a specific app. Empty string for
            workspace-level events.
          example: 6820f3a4e7b91d003c45a1f2
        ip:
          type: string
          title: Ip
          description: IP address of the user who performed the action.
          example: 203.0.113.42
        user_agent:
          type: string
          title: User Agent
          description: User-agent string of the user who performed the action.
          example: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
        event_type:
          type: string
          title: Event Type
          description: >-
            Event type identifier. See [Event
            Types](/developers/references/audit-logs-api/get-started/event-types)
            for possible values.
          example: auth.login
        status:
          type: string
          title: Status
          description: >-
            Whether the action succeeded or failed. Either `"success"` or
            `"failure"`.
          example: success
        error_code:
          type: string
          title: Error Code
          description: Error code when status is `"failure"`. Empty string on success.
          example: ''
        metadata:
          additionalProperties:
            type: string
          type: object
          title: Metadata
          description: >-
            Additional key-value context for the event. Keys vary by event type.
            See [Event
            Types](/developers/references/audit-logs-api/get-started/event-types)
            for details.
          example:
            auth_method: email_password
      type: object
      required:
        - timestamp
        - user_email
        - workspace_id
        - app_id
        - ip
        - user_agent
        - event_type
        - status
        - error_code
        - metadata
      title: PublicAuditLogResponse
      description: A single audit log event.
    PublicPaginationInfo:
      properties:
        total:
          type: integer
          title: Total
          description: Total number of matching events.
          example: 347
        next_cursor:
          anyOf:
            - type: string
            - type: 'null'
          title: Next Cursor
          description: >-
            Cursor for fetching the next page. The value is `null` if there are
            no more pages.
          example: gAAAAABn7vJ...
      type: object
      required:
        - total
      title: PublicPaginationInfo
      description: Pagination metadata for paginated responses.
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: api_key
      description: >-
        API key for authentication. See the Authentication page for your API for
        details on how to get your key.

````