GET /v1/admin/audit-log
Read your own org's audit events. Strictly scoped to the authenticated org.
What this is
Returns audit events for the authenticated org only. Scoping is enforced at the router, not only at the query. Cannot read another org’s events under any circumstance.
When to use
Compliance evidence collection, investigating a suspicious auth event, building an internal security dashboard.
Request
curl "https://api.cohesionauth.com/v1/admin/audit-log?event_type=KEY_ROTATED&since=2026-04-01&limit=100" \
-H "X-API-Key: $COHESION_API_KEY"Python
events = client.admin.audit_log(event_type="KEY_ROTATED", since="2026-04-01", limit=100)TypeScript
const events = await client.admin.auditLog({ event_type: "KEY_ROTATED", since: "2026-04-01", limit: 100 });Query params
| Param | Type | Default | Notes |
|---|---|---|---|
event_type | string | any | Whitelisted to schema CHECK constraint |
since | ISO-8601 | none | Inclusive lower bound |
until | ISO-8601 | now | Exclusive upper bound |
limit | int 1-500 | 100 | Capped server-side |
Response (abridged)
{
"events": [
{
"event_type": "KEY_ROTATED",
"timestamp": "2026-04-22T18:22:10.432Z",
"org_id": "org_...",
"prefix": "ck_live_7Z9Q3RXN",
"actor": "self_serve"
}
],
"count": 1,
"filters": { "event_type": "KEY_ROTATED", "since": "2026-04-01" },
"request_id": "req_01H...",
"timestamp": "2026-04-22T18:22:10.432Z"
}Retention
Audit log retained 90 days (see security).
Errors
| Status | Meaning |
|---|---|
422 | Unknown event_type, invalid ISO date, limit out of range |
Next step
See full security posture: security.