List Audit Logs
List organization audit logs with filtering and pagination.
Returns audit events for the organization, sorted by timestamp descending. Requires ADMIN permission.
Documentation Index
Fetch the complete documentation index at: https://docs.mixpeek.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Headers
REQUIRED: Bearer token authentication using your API key. Format: 'Bearer sk_xxxxxxxxxxxxx'. You can create API keys in the Mixpeek dashboard under Organization Settings.
"Bearer YOUR_API_KEY"
"Bearer YOUR_STRIPE_API_KEY"
Query Parameters
Filter by resource type Resource surfaces supported by scoped API keys and audit events.
These resource types can be used in:
- API key scopes to restrict access to specific resources
- Audit logs to identify what type of resource was affected
- Permission systems to grant/deny access to resource categories
Resource hierarchy: ORGANIZATION -> USER, API_KEY, STORAGE_CONNECTION NAMESPACE -> COLLECTION, BUCKET, RETRIEVER, CLUSTER, TAXONOMY
Resource types: - ORGANIZATION: Top-level tenant entity - USER: Organization member with authentication credentials - API_KEY: Authentication token for programmatic access - NAMESPACE: Isolated environment for data and compute resources - COLLECTION: Vector database collection for searchable documents - BUCKET: Object storage container for raw files - RETRIEVER: Configured search/retrieval pipeline - CLUSTER: Ray compute cluster for distributed processing - TAXONOMY: Hierarchical classification system for documents - STORAGE_CONNECTION: External storage provider integration
organization, user, api_key, namespace, collection, bucket, retriever, cluster, taxonomy, storage_connection, alert, annotation Filter by resource ID
Filter by actor ID
Filter by action Canonical audit log actions captured for organization events.
These events are written to the audit trail for compliance, security monitoring, and debugging. Each action includes actor, resource, timestamp, and change details.
User lifecycle actions: - USER_CREATED: New user added to organization - USER_UPDATED: User role, status, or metadata modified - USER_DELETED: User removed from organization
API key lifecycle actions: - API_KEY_CREATED: New API key generated - API_KEY_ROTATED: Key regenerated (old key revoked, new key issued) - API_KEY_REVOKED: Key manually revoked - API_KEY_SCOPE_UPDATED: Key permissions or scopes modified
Permission actions: - PERMISSION_UPDATED: User or key permissions modified
Storage connection actions: - STORAGE_CONNECTION_CREATED: New external storage connection configured - STORAGE_CONNECTION_UPDATED: Connection settings or credentials updated - STORAGE_CONNECTION_DELETED: Connection permanently removed - STORAGE_CONNECTION_TESTED: Connection health check performed - STORAGE_CONNECTION_FAILED: Connection health check or sync failed
Namespace actions: - NAMESPACE_CREATED: New namespace created - NAMESPACE_UPDATED: Namespace configuration modified - NAMESPACE_DELETED: Namespace permanently removed - NAMESPACE_ACCESSED: Namespace read (when read auditing enabled)
Collection actions: - COLLECTION_CREATED: New collection created - COLLECTION_UPDATED: Collection configuration modified - COLLECTION_DELETED: Collection permanently removed - COLLECTION_ACCESSED: Collection read (when read auditing enabled)
Bucket actions: - BUCKET_CREATED: New bucket created - BUCKET_UPDATED: Bucket configuration modified - BUCKET_DELETED: Bucket permanently removed - BUCKET_ACCESSED: Bucket read (when read auditing enabled)
Retriever actions: - RETRIEVER_CREATED: New retriever pipeline created - RETRIEVER_UPDATED: Retriever configuration modified - RETRIEVER_DELETED: Retriever permanently removed - RETRIEVER_ACCESSED: Retriever read (when read auditing enabled) - RETRIEVER_QUERIED: Retriever query executed (when read auditing enabled)
Cluster actions: - CLUSTER_CREATED: New cluster created - CLUSTER_UPDATED: Cluster configuration modified - CLUSTER_DELETED: Cluster permanently removed - CLUSTER_EXECUTED: Cluster job executed - CLUSTER_ACCESSED: Cluster read (when read auditing enabled)
Taxonomy actions: - TAXONOMY_CREATED: New taxonomy created - TAXONOMY_UPDATED: Taxonomy configuration modified - TAXONOMY_DELETED: Taxonomy permanently removed - TAXONOMY_ACCESSED: Taxonomy read (when read auditing enabled)
user_created, user_updated, user_deleted, api_key_created, api_key_rotated, api_key_revoked, api_key_scope_updated, permission_updated, storage_connection_created, storage_connection_updated, storage_connection_deleted, storage_connection_tested, storage_connection_failed, namespace_created, namespace_updated, namespace_deleted, namespace_accessed, collection_created, collection_updated, collection_deleted, collection_accessed, bucket_created, bucket_updated, bucket_deleted, bucket_accessed, retriever_created, retriever_updated, retriever_deleted, retriever_accessed, retriever_queried, cluster_created, cluster_updated, cluster_deleted, cluster_executed, cluster_accessed, taxonomy_created, taxonomy_updated, taxonomy_deleted, taxonomy_accessed, alert_created, alert_updated, alert_deleted, alert_accessed, alert_triggered, annotation_created, annotation_updated, annotation_deleted ISO8601 start timestamp
ISO8601 end timestamp
Number of results to skip
x >= 0Number of results to return
1 <= x <= 1000