Audit Logs

Query permission decision logs, mutation change logs, and bulk export.

The audit system provides immutable logs of every permission decision and every mutation to authorization configuration. Logs are retained for 90 days.

Scope: permissions:audit

Rate limit: 100/hr

Decision logs

GET /api/v1/permissions/audit

Query permission check decisions — who checked what, when, and the result.

Parameter	Type	Description
`adminId`	`string`	Filter by user
`path`	`string`	Filter by permission path
`action`	`string`	Filter by action
`allowed`	`boolean`	Filter by result
`from`	`string`	Start date (ISO 8601)
`to`	`string`	End date (ISO 8601)
`limit`	`number`	Results per page (default 50, max 200)
`cursor`	`string`	Pagination cursor

curl "https://api.platformxe.com/api/v1/permissions/audit?adminId=user_xyz789&from=2026-04-01T00:00:00Z" \
  -H "x-api-key: pxk_live_your_api_key_here"

const logs = await px.permissions.auditDecisions({
  adminId: 'user_xyz789',
  from: '2026-04-01T00:00:00Z',
});

Response

{
  "success": true,
  "data": {
    "entries": [
      {
        "id": "aud_abc123",
        "adminId": "user_xyz789",
        "path": "articles",
        "action": "delete",
        "allowed": false,
        "source": "override_deny",
        "timestamp": "2026-04-05T14:30:00.000Z"
      }
    ],
    "cursor": "next_page_token"
  }
}

Change logs

GET /api/v1/permissions/audit/changes

Query mutations to roles, policies, overrides, and relationships.

curl "https://api.platformxe.com/api/v1/permissions/audit/changes?from=2026-04-01T00:00:00Z" \
  -H "x-api-key: pxk_live_your_api_key_here"

const changes = await px.permissions.auditChanges({
  from: '2026-04-01T00:00:00Z',
});

Bulk export

GET /api/v1/permissions/audit/export

Export audit logs in bulk for compliance or analysis.

Parameter	Type	Description
`type`	`string`	`decisions` or `changes`
`from`	`string`	Start date (ISO 8601)
`to`	`string`	End date (ISO 8601)
`format`	`string`	`json` or `csv`

curl "https://api.platformxe.com/api/v1/permissions/audit/export?type=decisions&from=2026-03-01T00:00:00Z&to=2026-04-01T00:00:00Z&format=csv" \
  -H "x-api-key: pxk_live_your_api_key_here"

Audit logs are retained for 90 days. A daily cleanup cron removes entries older than 90 days. Export logs before the retention window if you need long-term archival.

Error responses

Code	Description
`BAD_REQUEST`	Invalid date range or unknown format
`FORBIDDEN`	API key missing `permissions:audit` scope
`RATE_LIMITED`	Exceeded 100/hr audit query limit