Skip to main content

Audit Logs

The Co-mind.ai platform maintains comprehensive audit logs for all API activity. Use audit logs for compliance reporting, security monitoring, and usage analysis.
Audit log access requires JWT authentication with Admin role and the auditView privilege.

Endpoint

EndpointMethodAuthPurpose
/v1/admin/audit-logsGETAdmin (JWT)Query audit logs with filters and aggregation

Query Audit Logs

curl "https://your-instance/v1/admin/audit-logs?start=2025-01-01T00:00:00Z&end=2025-01-31T23:59:59Z&limit=100" \
  -H "Authorization: Bearer $JWT"

Filtering

Audit logs support rich filtering to narrow down results:
ParameterTypeDescription
startISO 8601 datetimeStart of the time range
endISO 8601 datetimeEnd of the time range
user_idstringFilter by specific user
actionstringFilter by action type (e.g., chat.completion, auth.login)
resourcestringFilter by resource type
statusstringFilter by status (success, error)
limitintegerMaximum results to return (default: 50)
offsetintegerPagination offset

Filter by User

curl "https://your-instance/v1/admin/audit-logs?user_id=user_abc123&limit=50" \
  -H "Authorization: Bearer $JWT"

Filter by Action

curl "https://your-instance/v1/admin/audit-logs?action=auth.login&status=error&limit=100" \
  -H "Authorization: Bearer $JWT"

Use Cases

Compliance Reporting

Generate reports showing who accessed what data, when, and from where.

Security Monitoring

Track failed login attempts, unusual API patterns, and token usage.

Usage Analytics

Analyze API usage by endpoint, user, model, and time period.

Incident Investigation

Trace specific requests and responses during security incidents.

Common Queries

curl "https://your-instance/v1/admin/audit-logs?action=auth.login&status=error&start=$(date -u -d '24 hours ago' +%Y-%m-%dT%H:%M:%SZ)" \
  -H "Authorization: Bearer $JWT"

curl "https://your-instance/v1/admin/audit-logs?user_id=user_abc123&action=chat.completion" \
  -H "Authorization: Bearer $JWT"

curl "https://your-instance/v1/admin/audit-logs?action=api-token.create&limit=100" \
  -H "Authorization: Bearer $JWT"

curl "https://your-instance/v1/admin/audit-logs?action=api-token.revoke&limit=100" \
  -H "Authorization: Bearer $JWT"